MSP4, LLC | Full-Time | Onsite (United States) | Up to 10% Regional Travel | 4 to 6 years experience
This is a hands-on operational role. You own the day-to-day administration of client infrastructure across a portfolio spanning professional services, manufacturing, distribution, legal, and government sectors. Environments range from roughly 50 to 1,500 users and carry real compliance weight: CMMC L2, NIST 800-171, and SOC 2 are active requirements across this client base.
You implement, operate, and maintain inside the framework set by the Principal Solutions Architect and the Senior Engineering team. Your work turns an approved design into a running, monitored, documented environment that passes audit: Windows Server, virtualization clusters, SAN and HCI storage, Veeam backup, Microsoft 365 and Azure tenants, and defined-scope network change work. Design authority sits above your tier.
At the L3 tier, you sit between the L2 Field Support Technicians and Senior Infrastructure and Network Security Engineering. L2 escalations land with you; design questions and architecturally novel changes escalate up from you. You own the outcome at the server and platform layer at your assigned locations, and you touch the client environment every day. This is a full onsite role at a client facility in your posted location, with regional coverage for nearby MSP4 clients where it applies.
Candidates are scored against these. Categories: Technical, Functional, Consulting, Credentials.
| # | Qualification | Category | Description |
|---|---|---|---|
| 1 | Windows Server operations | Technical | Active Directory, DNS, DHCP, Group Policy, PKI basics, and file and print services at hands-on operational fluency. |
| 2 | Virtualization operations | Technical | Production VMware vSphere or Microsoft Hyper-V: host and cluster administration, VM lifecycle, patching, snapshot management, and HA and DRS behavior at an operator level. |
| 3 | SAN / HCI storage operations | Technical | Provision, monitor, and resize across at least one of NetApp ONTAP, Pure Storage, Nutanix, or VMware vSAN, and recognize when a change exceeds scope. |
| 4 | Backup operations | Technical | Veeam Backup and Replication: backup jobs, restores, repository management, and backup failure triage. |
| 5 | Network change at defined scope | Technical | Firewall rule changes against an approved standard, VLAN configuration, and switch port and access layer work, with a clear stop-and-escalate boundary to Senior Network Security Engineering. |
| 6 | Microsoft 365 and Azure administration | Technical | Production tenant administration including identity, licensing, Intune, and Conditional Access within established standards. |
| 7 | SQL Server operations | Technical | Installation, patching, licensing awareness, backup coordination with Veeam, and baseline instance administration. Platform layer, not DBA-level query tuning. |
| 8 | Compliance control execution | Functional | STIG application and NIST 800-171 control execution at the server layer in support of CMMC L2 and SOC 2. |
| 9 | L2 escalation ownership | Functional | Take tickets escalated from the endpoint and site layer, resolve within scope, and escalate cleanly to Senior Engineering when scope is exceeded. |
| 10 | Multi-client service delivery | Functional | Comfort context-switching across clients and priorities throughout the day while holding to established standards. |
| 11 | Ticketing discipline | Consulting | Clean, audit-ready change records in a PSA or ITSM platform such as Jira Service Management, HaloPSA, ConnectWise, Autotask, or ServiceNow. |
| 12 | Documentation discipline | Consulting | Change records, operational runbooks, and configuration records another engineer can operate from without asking questions. |
| 13 | Three-way communication | Consulting | Works with non-technical client stakeholders, with the L2 technicians below in the escalation path, and with Senior Engineering above. |
| 14 | Production experience | Credentials | 4 to 6 years of systems administration in a multi-client service delivery environment. |
| 15 | US-person status | Credentials | US citizen, US national, lawful permanent resident, or protected individual (refugee or asylee) under US law. Required for CUI and export-controlled system access under CMMC L2. Authorization to work in the US is not sufficient: a non-immigrant work visa (H-1B, L-1, TN), F-1 OPT/CPT, or an Employment Authorization Document does not satisfy this requirement. |
| 16 | Relevant certifications | Credentials | Microsoft Azure Administrator Associate (AZ-104), Windows Server Hybrid Administrator Associate (AZ-800/AZ-801), VMware VCP, or Veeam VMCE. A plus, not a requirement. |
Required. Absence screens the candidate out.
Preferred. Strengthens a candidate, never screens one out.
| Competency | Behavioral indicator |
|---|---|
| Executes within the framework | Operates against what exists, flags what does not, and proposes improvements within scope; pushes back when something is wrong without redesigning on personal preference. |
| Knows the escalation boundary | Resolves L2 escalations within the L3 scope and escalates architecturally novel changes up cleanly, with the boundary stated rather than guessed. |
| Operational reliability | Keeps assigned environments running, monitored, and patched, and closes the gap between a well-designed system and a well-run one. |
| Documentation discipline | Leaves behind audit-ready change records and runbooks that let another engineer operate the environment unaided. |
| Three-way communication | Communicates clearly with non-technical client stakeholders, with L2 technicians below, and with Senior Engineering above, across same-day context switches between clients. |
MSP4 does not operate like a traditional IT department or a ticket-centric help desk. We function as embedded IT leadership for our clients, accountable to their outcomes.
Our Principal Solutions Architect owns the design framework. Engineers at every level, including senior, execute within that framework. The tier structure keeps a multi-client portfolio consistent and audit-ready. Candidates who need design authority to feel effective should pass on this role. Candidates who find satisfaction in high-quality execution and in earning client trust through reliability will do well here.
We are building the operating model in real time. Some processes are documented; others are being written as we go. People here help shape what does not yet exist while executing reliably within what does.
MSP4, LLC provides infrastructure, security, and IT advisory services to mid-market professional services, manufacturing, distribution, legal, and government clients across the United States. Our commercial practice and regulated practice serve organizations with serious compliance requirements including SOC 2 Type II and CMMC Level 2.
We are a small team. Every person on it has direct impact on client outcomes. The ladder is tiered for scope and audit; access is not. Everyone here has direct access to everyone else, up to and including the CEO.
MSP4, LLC is an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.
Alongside your resume, submit a one-page cover page in PDF. Name the file CoverPage_LastName_FirstName_SystemsAdministratorL3.pdf. Include a header line with your name, the date, and the JD version string shown at the bottom of this posting.
On the cover page, answer the following in order:
Close with the following statement exactly: "I understand that my scope is server and platform operations within the framework set by Senior Engineering and the Principal Solutions Architect, and that platform redesign sits above my tier."
One page. PDF only.
MSP4 is hiring for this role in multiple U.S. cities. Other open positions are listed alongside this one.
JD v4.0. Retain this version string on your cover page.