Systems Administrator (L3) - Miami, FL

Quadratic IT, LLC

Doral, FL

JOB DETAILS
SKILLS
Access Control, Atlassian JIRA, Business Solutions, Communication Skills, Computer Security, Consulting, Customer Support/Service, DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System), Data Recovery, Database Administration, Distribution Services, Documentation, EAD, ERP (Enterprise Resource Planning), Embedded Systems, Environmental Monitoring, File and Print Sharing, Firewalls, Government, Help Desk, Human-Computer Interaction, IT Service Management (ITSM), Incident Response, Layer 3 Protocols, Legal, Licensing, Microsoft Active Directory, Microsoft Hyper-V, Microsoft SQL Server, Microsoft Windows Azure, Microsoft Windows Server, Microsoft Windows System Administration, NetApp Storage Systems, Network Routing, Network Security, Network Switching, On Site Support, Operational Audit, Platform as a Service (PaaS), Professional Services, Public Key Infrastructure (PKI), Record Keeping, Replication and Remote Mirroring, Server Clusters, Server Support, Service Delivery, ServiceNow, Software Installation, Software Patches, Storage Architecture, Storage Area Network (SAN), Systems Administration/Management, Technical Leadership, U.S. National Institute of Standards and Technology (NIST), United States Citizen, VLAN (Virtual Local Area Network), VMWare, VMWare Certified Professional (VCP), VMWare vSphere, Virtual Machine (VM), Virtualization, Willing to Travel
LOCATION
Doral, FL
POSTED
7 days ago

Systems Administrator (L3)

MSP4, LLC  |  Full-Time  |  Onsite (United States)  |  Up to 10% Regional Travel  |  4 to 6 years experience


About the Role

This is a hands-on operational role. You own the day-to-day administration of client infrastructure across a portfolio spanning professional services, manufacturing, distribution, legal, and government sectors. Environments range from roughly 50 to 1,500 users and carry real compliance weight: CMMC L2, NIST 800-171, and SOC 2 are active requirements across this client base.

You implement, operate, and maintain inside the framework set by the Principal Solutions Architect and the Senior Engineering team. Your work turns an approved design into a running, monitored, documented environment that passes audit: Windows Server, virtualization clusters, SAN and HCI storage, Veeam backup, Microsoft 365 and Azure tenants, and defined-scope network change work. Design authority sits above your tier.

At the L3 tier, you sit between the L2 Field Support Technicians and Senior Infrastructure and Network Security Engineering. L2 escalations land with you; design questions and architecturally novel changes escalate up from you. You own the outcome at the server and platform layer at your assigned locations, and you touch the client environment every day. This is a full onsite role at a client facility in your posted location, with regional coverage for nearby MSP4 clients where it applies.


What You Will Do

  • Administer Windows Server environments: Active Directory, DNS, DHCP, Group Policy, file and print services, and certificate services at an operational level
  • Operate VMware vSphere or Microsoft Hyper-V clusters day to day: VM lifecycle, capacity monitoring, host patching, vMotion or Live Migration, HA and DRS behavior, and snapshot hygiene
  • Run SAN and HCI storage operations across NetApp, Pure Storage, Nutanix, or VMware vSAN: provisioning, volume and LUN changes, capacity monitoring, and health checks. Storage architecture sits with Senior Infrastructure Engineering.
  • Operate Veeam Backup and Replication: job management, backup verification, restore execution, immutable repository and tape operations where applicable, and backup gap remediation
  • Execute network change at a defined scope: firewall rule adds and modifications against approved standards, VLAN configuration on managed switches, and switch port and access layer work. Routing, firewall architecture, and policy design sit with Senior Network Security Engineering.
  • Administer Microsoft 365 and Azure tenants: identity, licensing, Intune policy application, Conditional Access within established standards, and baseline tenant hygiene
  • Perform operational SQL Server work in support of client ERP and line-of-business applications: installation, patching, version upgrades, backup coordination with Veeam, and baseline instance administration. DBA-level query tuning, indexing, and application-side schema sit with client DBAs or application vendors.
  • Own L2 escalations: take the tickets that pass the endpoint and site layer, resolve within scope, or escalate cleanly to Senior Engineering
  • Apply STIG hardening and NIST 800-171 control execution at the server layer in support of CMMC L2 and SOC 2
  • Communicate with clients on infrastructure work, change windows, and incident response, working with both technical contacts and non-technical stakeholders
  • Produce documentation: change records, operational runbooks, and audit-ready configuration records written so another engineer can operate the environment without asking you questions
  • Maintain ticketing discipline in a PSA or ITSM platform such as Jira Service Management, HaloPSA, ConnectWise, Autotask, or ServiceNow, keeping change records clean and audit-ready

Qualifications Matrix

Candidates are scored against these. Categories: Technical, Functional, Consulting, Credentials.

#QualificationCategoryDescription
1Windows Server operationsTechnicalActive Directory, DNS, DHCP, Group Policy, PKI basics, and file and print services at hands-on operational fluency.
2Virtualization operationsTechnicalProduction VMware vSphere or Microsoft Hyper-V: host and cluster administration, VM lifecycle, patching, snapshot management, and HA and DRS behavior at an operator level.
3SAN / HCI storage operationsTechnicalProvision, monitor, and resize across at least one of NetApp ONTAP, Pure Storage, Nutanix, or VMware vSAN, and recognize when a change exceeds scope.
4Backup operationsTechnicalVeeam Backup and Replication: backup jobs, restores, repository management, and backup failure triage.
5Network change at defined scopeTechnicalFirewall rule changes against an approved standard, VLAN configuration, and switch port and access layer work, with a clear stop-and-escalate boundary to Senior Network Security Engineering.
6Microsoft 365 and Azure administrationTechnicalProduction tenant administration including identity, licensing, Intune, and Conditional Access within established standards.
7SQL Server operationsTechnicalInstallation, patching, licensing awareness, backup coordination with Veeam, and baseline instance administration. Platform layer, not DBA-level query tuning.
8Compliance control executionFunctionalSTIG application and NIST 800-171 control execution at the server layer in support of CMMC L2 and SOC 2.
9L2 escalation ownershipFunctionalTake tickets escalated from the endpoint and site layer, resolve within scope, and escalate cleanly to Senior Engineering when scope is exceeded.
10Multi-client service deliveryFunctionalComfort context-switching across clients and priorities throughout the day while holding to established standards.
11Ticketing disciplineConsultingClean, audit-ready change records in a PSA or ITSM platform such as Jira Service Management, HaloPSA, ConnectWise, Autotask, or ServiceNow.
12Documentation disciplineConsultingChange records, operational runbooks, and configuration records another engineer can operate from without asking questions.
13Three-way communicationConsultingWorks with non-technical client stakeholders, with the L2 technicians below in the escalation path, and with Senior Engineering above.
14Production experienceCredentials4 to 6 years of systems administration in a multi-client service delivery environment.
15US-person statusCredentialsUS citizen, US national, lawful permanent resident, or protected individual (refugee or asylee) under US law. Required for CUI and export-controlled system access under CMMC L2. Authorization to work in the US is not sufficient: a non-immigrant work visa (H-1B, L-1, TN), F-1 OPT/CPT, or an Employment Authorization Document does not satisfy this requirement.
16Relevant certificationsCredentialsMicrosoft Azure Administrator Associate (AZ-104), Windows Server Hybrid Administrator Associate (AZ-800/AZ-801), VMware VCP, or Veeam VMCE. A plus, not a requirement.

Eligibility & Scoring

Required. Absence screens the candidate out.

  • US-based work location and US-person status (matrix #15). You must be based in the United States and qualify as a US person: US citizen, US national, lawful permanent resident (green card holder), or protected individual (refugee or asylee) under US law. Authorization to work in the United States is not sufficient on its own. A non-immigrant work visa (H-1B, L-1, TN, and similar), F-1 OPT/CPT, or an Employment Authorization Document does not meet this requirement. This role's access to Controlled Unclassified Information and export-controlled systems is restricted to US persons under CMMC L2 and US export control regulations (ITAR / EAR).
  • 4 to 6 years of systems administration in a multi-client service delivery environment (matrix #14).
  • Hands-on Windows Server operational depth (matrix #1).
  • Production virtualization operations on VMware vSphere or Microsoft Hyper-V (matrix #2).
  • Working SAN or HCI storage operations on at least one named platform (matrix #3).
  • Veeam Backup and Replication operational experience (matrix #4).
  • Microsoft 365 and Azure tenant administration at a production level (matrix #6).
  • Audit-ready ticketing and documentation discipline (matrix #11, #12).

Preferred. Strengthens a candidate, never screens one out.

  • Defined-scope network change experience: firewall rule changes, VLAN, and switch port work (matrix #5).
  • Operational SQL Server experience in support of ERP and line-of-business applications (matrix #7).
  • STIG and NIST 800-171 control execution at the server layer (matrix #8).
  • Prior L2-to-L3 escalation ownership in a tiered support model (matrix #9).
  • Prior multi-client or MSP service delivery experience (matrix #10).
  • Certifications: AZ-104, AZ-800/AZ-801, VMware VCP, or Veeam VMCE (matrix #16).

Core Competencies

CompetencyBehavioral indicator
Executes within the frameworkOperates against what exists, flags what does not, and proposes improvements within scope; pushes back when something is wrong without redesigning on personal preference.
Knows the escalation boundaryResolves L2 escalations within the L3 scope and escalates architecturally novel changes up cleanly, with the boundary stated rather than guessed.
Operational reliabilityKeeps assigned environments running, monitored, and patched, and closes the gap between a well-designed system and a well-run one.
Documentation disciplineLeaves behind audit-ready change records and runbooks that let another engineer operate the environment unaided.
Three-way communicationCommunicates clearly with non-technical client stakeholders, with L2 technicians below, and with Senior Engineering above, across same-day context switches between clients.

How We Work

MSP4 does not operate like a traditional IT department or a ticket-centric help desk. We function as embedded IT leadership for our clients, accountable to their outcomes.

Our Principal Solutions Architect owns the design framework. Engineers at every level, including senior, execute within that framework. The tier structure keeps a multi-client portfolio consistent and audit-ready. Candidates who need design authority to feel effective should pass on this role. Candidates who find satisfaction in high-quality execution and in earning client trust through reliability will do well here.

We are building the operating model in real time. Some processes are documented; others are being written as we go. People here help shape what does not yet exist while executing reliably within what does.


About MSP4

MSP4, LLC provides infrastructure, security, and IT advisory services to mid-market professional services, manufacturing, distribution, legal, and government clients across the United States. Our commercial practice and regulated practice serve organizations with serious compliance requirements including SOC 2 Type II and CMMC Level 2.

We are a small team. Every person on it has direct impact on client outcomes. The ladder is tiered for scope and audit; access is not. Everyone here has direct access to everyone else, up to and including the CEO.


Work Environment & Location

  • Full onsite at a client facility in your posted location, within the United States, with regional coverage for nearby MSP4 clients where it applies.
  • Up to 10% regional travel.
  • US-based work location and US-person status required. Work authorization alone (work visa, OPT/CPT, or EAD) does not qualify; see Eligibility & Scoring for the full definition.
  • Extended periods at a computer performing configuration, operations, and documentation work; regular hands-on work in client server rooms and data closets.

Equal Opportunity Statement

MSP4, LLC is an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.


How to Apply

Alongside your resume, submit a one-page cover page in PDF. Name the file CoverPage_LastName_FirstName_SystemsAdministratorL3.pdf. Include a header line with your name, the date, and the JD version string shown at the bottom of this posting.

On the cover page, answer the following in order:

  1. Describe the most complex L2-to-L3 escalation you have handled in the last 12 months. What came up to you, what did you actually change, and what did you send back down to L2 for future handling?
  2. Describe a ticket where you had to escalate to Senior Engineering or a Solutions Architect even though it would have been easier to handle it yourself. What was the boundary that made you escalate, and how did that decision play out?

Close with the following statement exactly: "I understand that my scope is server and platform operations within the framework set by Senior Engineering and the Principal Solutions Architect, and that platform redesign sits above my tier."

One page. PDF only.


MSP4 is hiring for this role in multiple U.S. cities. Other open positions are listed alongside this one.

JD v4.0. Retain this version string on your cover page.

About the Company

Q

Quadratic IT, LLC