Job Description:
Trigyn has a contractual opportunity for a System Administrator Technician. This resource will be working from the client site in Haiti.
Job Description:
The On-Premises Systems Administrator Technician will provide Tier 2 system administration support for client's office operations located in Port-au-Prince, Haiti. The role is exclusively focused on the local, on-premises ICT infrastructure that underpins the organization’s network security systems, technical rooms, and Joint Operations Centre (JOC) environment.
The technician is responsible for the deployment, configuration, hardening, maintenance, monitoring, and troubleshooting of on-premises servers and systems running Windows Server and Linux operating systems. This position does not cover cloud-hosted business applications or data services, which are managed separately.
Note: This position will be deployed in a conflict zone (Haiti) under operational conditions. Personnel must be prepared to work in austere environments with heightened security risks, limited infrastructure, and strict security protocols.
II. Equipment Scope
Server Infrastructure
• Physical and virtual servers running Windows Server (2016/2019/2022) and Linux (RHEL, CentOS, Ubuntu Server, Debian).
• On-premises hypervisor platforms: Proxmox for server virtualization.
• Server hardware: rack-mounted servers, blade systems, storage arrays, and associated components.
• Local backup and recovery appliances for on-premises data protection.
Network & Security Infrastructure Systems
• On-premises management and control-plane servers supporting network infrastructure (e.g., Cisco DNA Center, Cisco ISE nodes, WLC management VMs).
• Security infrastructure servers: Check Point Security Management Servers (SMS), log collectors, and correlation servers.
• SIEM/log management platform servers: syslog aggregators, SIEM indexers, and search heads hosted on premises.
• Network Time Protocol (NTP) servers and DNS/DHCP servers (Windows IPAM / Linux BIND/ISC DHCP).
• Certificate Authority (CA) servers: Microsoft AD CS or open-source PKI for internal certificate issuance.
Technical Room & JOC Systems
• Server room and technical room environment: physical rack management, power distribution units (PDUs), and UPS systems.
• Environmental monitoring systems: temperature, humidity, and power sensors.
• KVM-over-IP switches and console servers for out-of-band access to technical room equipment.
• JOC-specific on-premises systems: display management servers, video wall controllers, and AV integration servers where applicable.
• Local file and print servers supporting JOC and technical operations (not business data).
Backup & Recovery
• On-premises backup solutions (e.g., Veeam Backup & Replication, Proxmox Backup) for system and configuration backups.
• Backup scheduling, monitoring, verification, and restoration testing for all on-premises systems.
• Disaster recovery procedures for on-premises infrastructure in the event of hardware failure or site incidents.
III. Technical Knowledge
Windows Server Administration
• Installation, configuration, and hardening of Windows Server 2016/2019/2022.
• Active Directory Domain Services: forest/domain design, OU structure, replication, and trust relationships.
• Group Policy management: GPO creation, linking, inheritance, filtering, and troubleshooting.
• Windows Server roles and features: DNS, DHCP, File Services (DFS/DFSR), Print Services, IIS, NPS, and AD CS.
• Windows Server Update Services (WSUS) or equivalent patching solution for on-premise systems.
• PowerShell scripting for automation of administrative tasks, user provisioning, and system health checks.
• Windows Event Log management, Performance Monitor, and Resource Monitor for system diagnostics.
• BitLocker and EFS for data-at-rest encryption on Windows systems.
Linux System Administration
• Installation, configuration, and hardening of enterprise Linux distributions: RHEL/CentOS/Rocky Linux and Ubuntu/Debian Server.
• Linux service management: systemd, init scripts, and daemon configuration.
• Package management: yum/dnf (RHEL-based) and apt (Debian-based) for software installation and patching.
• File system management: LVM, ext4/XFS, NFS/CIFS mounts, and disk quota management.
• Linux networking: interface configuration, bonding/teaming, routing tables, firewalld/iptables, and SELinux/AppArmor.
• Bash and Python scripting for task automation, log parsing, and system monitoring.
• Linux logging: rsyslog, journald, logrotate, and centralized log forwarding.
• SSH hardening: key-based authentication, sshd_config hardening, and PAM configuration.
• Linux security: CIS Benchmark hardening, AIDE (file integrity monitoring), and audited configuration.
Virtualization & Hypervisor Management
• Install, configure, and administer Proxmox VE nodes, including cluster formation, Corosync/quorum, and HA group configuration with failover testing.
• Manage KVM virtual machines and LXC containers: provisioning, resource allocation, lifecycle management, and migration via web GUI and CLI (pvesh, qm, pct).
• Create and maintain hardened VM/container golden images for standardised Windows Server and Linux deployments.
• Administer Proxmox Backup Server (PBS): backup jobs, retention policies, and periodic restore verification against RPO/RTO objectives.
• Monitor cluster health, track capacity trends, and manage PVE updates within the change management framework.
System Security & Hardening
• OS hardening in accordance with CIS Benchmarks for Windows Server and Linux.
• Patch management: vulnerability scanning integration (e.g., Nessus/OpenVAS), patch prioritization, and deployment tracking.
• Host-based firewall management: Windows Defender Firewall with Advanced Security and Linux iptables/firewall.
• Antivirus/EDR management for on-premises endpoints and servers (e.g., Microsoft Defender, CrowdStrike, or equivalent).
• Privileged access management: local administrator for account control, service account auditing.
• System audit logging: configuration of auditd (Linux) and Windows Security Auditing policies in alignment with SIEM ingestion requirements.
Monitoring & Log Management
• On-premises monitoring platform administration (e.g. Nagios, Prometheus/Grafana, or equivalent) for server health, performance, and availability.
• Configuration of monitoring agents, SNMP traps, and alerting thresholds for on-premises systems.
• Administration of on-premises SIEM/log management platform (e.g., Splunk, IBM QRadar, Graylog, or equivalent).
• Maintenance of log ingestion pipelines: syslog forwarding from Windows (NXLog/Winlogbeat) and Linux (rsyslog/Filebeat) systems.
• Creation and maintenance of dashboards, alerts, and scheduled reports for system health and security events.
• Log retention management: ensuring log data is retained and archived in compliance with organizational policy.
IV. Duties
The technician will perform, but not be limited to:
The Systems Administrator is responsible for the full lifecycle management of the on-premises ICT infrastructure. On the Windows side, the technician deploys and maintains core server roles — Active Directory, DNS, DHCP, Certificate Authority, and NPS — managing GPOs, WSUS patching cycles, and PowerShell automation while monitoring event logs and system health. Linux servers underpinning the security infrastructure, SIEM, and monitoring platforms are equally maintained, with rigorous attention to package patching, CIS benchmark hardening, SSH key management, and service account hygiene.
The virtualization environment, built on Proxmox VE, is administered end-to-end: provisioning and decommissioning KVM virtual machines and LXC containers, maintaining hardened golden images, managing storage backends (LVM-Thin, ZFS, NFS/iSCSI), monitoring cluster health, and applying PVE updates within the change management framework. Backup integrity is ensured through daily Proxmox Backup Server (PBS) job verification and quarterly restore tests validated against defined RPO/RTO objectives.
The technician maintains the physical technical rooms and JOC environment, overseeing rack organization, PDU load balancing, UPS health, and environmental monitoring, while ensuring KVM-over-IP and console server access remains secure and operational. JOC on-premises systems — including display servers and video wall controllers — are kept patched and available.
From a security and compliance standpoint, the technician enforces CIS hardening standards across all managed systems, manages EDR and antivirus alerts, conducts periodic privileged access reviews, and supports ICT security audits by providing patch compliance and access control evidence. The monitoring and SIEM platforms are actively administered to ensure all log sources are correctly ingested, health dashboards are reviewed daily, and weekly and monthly infrastructure reports are delivered to ICT management. All activities are carried out in accordance with ICT policies, change management procedures, and organizational security standards, with up-to-date documentation and run-books maintained throughout.
VI. Experience & Certification
• Minimum 5–7 years' experience in systems administration roles covering both Windows Server and Linux in enterprise or mission-critical environments.
• Demonstrated experience administering Active Directory, Group Policy, and core Windows Server infrastructure roles (DNS, DHCP, CA, NPS).
• Proven hands-on experience with enterprise Linux distributions (RHEL/CentOS/Rocky Linux and/or Ubuntu/Debian Server) in production environments.
• Experience managing on-premises virtualization platforms, specifically Proxmox VE, including cluster administration, KVM/LXC management, ZFS storage, and Proxmox Backup Server (PBS).
• Experience with on-premises backup solutions and demonstrated ability to execute and document disaster recovery procedures.
• Demonstrated experience with SIEM and log management platforms and system monitoring tools in an operational environment.
• Exposure to ICT security operations, system hardening (CIS Benchmarks), and vulnerability management is highly desirable.
• Experience in NGO, peacekeeping, or international mission environments is highly desirable.
Required / Desirable Certifications:
• Red Hat Certified System Administrator (RHCSA) or Linux Professional Institute LPIC-1/LPIC-2 — Required.
• Microsoft Certified: Windows Server Hybrid Administrator Associate or equivalent — Required.
• Proxmox VE Administrator certification or equivalent demonstrated hands-on experience — Desirable.
• CompTIA Server+ or CompTIA Linux+ — An asset.
• CompTIA Security+ or equivalent security certification — Desirable.
• ITIL Foundation — Desirable.
• National driver's license for light motor vehicles — Required.
VII. Language
• Fluency in English, both written and oral, is required.
• Fluency or working knowledge of French is highly desirable as an additional language.
For Immediate Response, please send your Resume to Global-Recruitment@Trigyn.com
TRIGYN TECHNOLOGIES is a multinational IT services company with resources deployed in 28 countries. TRIGYN is an ISO 9001:2015, ISO 27001:2022 (ISMS) and CMMI Level 5 certified company. TRIGYN has offices in the United States, Canada, Switzerland and India.