Senior Systems Analyst

About Houston-Galveston Area Council

The Houston-Galveston Area Council is one of the largest regional planning commissions in the country with a diverse service area of 13 counties and more than 7 million people. We are the pulse of our region addressing issues that cross city limits and county lines every single day.

We make decisions that affect our transportation system, ensure the safety and well-being of our seniors, connect people to jobs, help families recover from natural disasters, preserve water quality for our children, and so much more. We work to make the region a great place to live, work, and thrive.

What will I be doing?

We are seeking an experienced Senior Systems Analyst to join our IT team in a critical role that supports and maintains our enterprise infrastructure. This position will be responsible for the administration, optimization, and security of our hybrid cloud and on-premises environments. The ideal candidate will serve as a technical expert who can bridge the gap between business requirements and technology solutions while ensuring the stability, security, and performance of our IT systems. This role requires strong technical expertise, combined with excellent communication skills, to collaborate effectively with both technical leadership and business stakeholders.

o Administer and optimize Azure cloud infrastructure and Microsoft 365 tenant, including resource management, virtual networks, identity and access management, Exchange Online, SharePoint, Teams, OneDrive, and security/compliance features

o Implement and maintain Microsoft Entra ID (Azure Active Directory), conditional access policies, identity governance, and hybrid identity integration with on-premises Active Directory using Azure AD Connect. Configure and manage Entra ID as an Identity Provider (IdP) for enterprise applications, including SSO integration (SAML, OAuth, OIDC), SCIM provisioning and deprovisioning, application consent policies, and enterprise application lifecycle management

o Support Azure infrastructure for data warehousing and analytics platforms, including Microsoft Fabric, Azure Synapse Analytics, and Azure Data Lake, ensuring appropriate security, performance, and resource optimization for AI/ML and business intelligence workloads

o Monitor cloud resource utilization and optimize costs while maintaining performance standards

o Administer and maintain virtualization environments (VMware vSphere, Microsoft Hyper-V) and enterprise storage infrastructure (EMC VNX, HP Alletra), including support for migration initiatives from VMware to alternative platforms

o Monitor and optimize virtual machine and storage performance, manage resource allocation and capacity planning, implement high availability and fault tolerance configurations, and perform VM provisioning and lifecycle management

o Administer backup infrastructure, including Veeam backup and replication, Exagrid deduplication appliances, iLand cloud backup targets, and Azure storage repositories with appropriate retention policies

o Monitor backup job success rates, troubleshoot failures, perform regular disaster recovery testing, maintain DR documentation and runbooks, and ensure compliance with RPO targets, retention policies, and regulatory requirements

o Administer on-premises Active Directory Domain Services including domain controllers, organizational units, users, groups, computer accounts, Group Policy Objects, Active Directory Sites and Services, replication, and DNS integration

o Implement and maintain server hardening techniques and secure baseline configurations for Windows and Linux systems following industry best practices (CIS, DISA STIGs, NIST), and perform regular patching, updates, and vulnerability remediation

o Monitor and maintain domain controller health, performance, and redundancy

o Design, implement, and maintain LAN/WAN infrastructure, Ruckus wireless networking solutions, network segmentation, VLANs, routing, and switching infrastructure, with ongoing capacity planning and scalability optimization

o Administer security infrastructure including Palo Alto security appliances, Cloudflare services (DDoS protection, WAF, CDN), and Splunk SIEM for firewall policies, threat prevention, security monitoring, log analysis, and incident detection

o Implement and maintain security best practices, hardening standards, and compliance across all systems and infrastructure components, and conduct regular security assessments and vulnerability remediation

o Manage domain name registrations, DNS configurations and infrastructure (internal/external zones, records, DNSSEC), SSL/TLS certificate lifecycle management, and ensure high availability and redundancy of critical DNS services

o Create and maintain comprehensive technical documentation, including system configurations, procedures, SOPs, architectural decisions, and diagrams (network topology, Active Directory, virtualization infrastructure, system architecture) using industry-standard tools

o Communicate technical information effectively to technical leadership and business stakeholders, and provide regular status updates and reports to management and project teams

o Stay current with emerging technologies and industry trends, evaluate new solutions that align with organizational mission and strategic direction, provide recommendations for technology improvements and modernization, and participate in professional development activities

o Provide tier 3 technical support and troubleshooting for complex infrastructure issues

o Collaborate with IT team members and business stakeholders on technology initiatives, monitor system performance and capacity planning, and participate in change management processes and maintenance window coordination

o Participate in on-call rotation and work after-hours and weekends as required for planned maintenance activities, unplanned outages, and support needs

o Perform other duties as assigned to support departmental and organizational objectives

Key Qualifications

ü Education and Experience

o Bachelor's degree in Computer Science, Information Technology, or related field, or equivalent work experience

o Minimum 5-7 years of experience in systems administration, network administration, or related IT infrastructure roles

o Demonstrated experience administering Microsoft Azure and Microsoft 365 environments

o Proven experience with Active Directory administration in enterprise environments

o Experience with enterprise virtualization platforms (VMware, Hyper-V, or equivalent)

o Experience with enterprise backup and recovery solutions

ü Technical Skills

o Extensive experience with Microsoft cloud and on-premises infrastructure, including Azure services (compute, storage, virtual networks), Microsoft 365 administration (Exchange Online, SharePoint, Teams), Active Directory Domain Services, Group Policy, and hybrid identity solutions (Azure AD Connect)

o Experience configuring Microsoft Entra ID as an Identity Provider for third-party applications, including SSO implementations (SAML 2.0, OAuth 2.0, OpenID Connect), automated user provisioning with SCIM 2.0, managing app registrations and service principals, configuring API permissions and consent, and troubleshooting authentication and authorization issues.

o Experience with enterprise virtualization platforms (VMware vSphere, Microsoft Hyper-V) and storage systems (SAN/NAS technologies)

o Hands-on experience with enterprise backup and recovery solutions (Veeam or equivalent), including disaster recovery planning and business continuity principles

o Experience implementing server hardening techniques, security baseline configurations, and industry security frameworks (CIS, DISA STIGs, NIST)

o Solid understanding of networking concepts including TCP/IP, routing, switching, VLANs, and subnetting

o Experience with enterprise wireless networking solutions (Ruckus or equivalent platforms)

o Hands-on experience with enterprise firewall administration (Palo Alto or similar next-generation firewalls)

o Knowledge of DNS architecture, configuration, and troubleshooting

o Experience with SSL/TLS certificate management and PKI infrastructure

o Proficiency in creating technical documentation and network/system diagrams

o Strong analytical and troubleshooting skills with the ability to resolve complex technical issues

o Demonstrated experience using generative AI tools (such as ChatGPT, Claude, GitHub Copilot, or similar platforms) to enhance systems administration work, including script development, troubleshooting assistance, documentation creation, and problem-solving

o Ability to effectively craft prompts and leverage AI assistance for technical tasks, including code generation, log analysis, configuration troubleshooting, and technical documentation

o Understanding of generative AI capabilities and limitations in IT operations contexts, including awareness of security considerations and data privacy when using AI tools

ü Professional Competencies

o Excellent written and verbal communication skills with the ability to effectively interact with technical teams, leadership, and business stakeholders, and explain technical concepts to non-technical audiences

o Proven ability to work independently and manage multiple priorities

o Experience working in a team-oriented, collaborative environment

o Commitment to maintaining security and compliance best practices

o Demonstrated commitment to continuous learning, professional development, and adapting to emerging technologies

o Flexibility to work non-standard hours, including evenings and weekends when necessary

o Strong attention to detail and organizational skills

Do you have…

ü Bachelor's degree in an applicable academic discipline or related field of study

ü 5 years of experience with local government, nonprofit programs, schools, or in job-related duties

Preferred…

ü Certifications

o Microsoft certifications: Azure Administrator Associate, Azure Solutions Architect Expert, Microsoft 365 Enterprise Administrator Expert, or Windows Server Hybrid Administrator Associate

o VMware Certified Professional (VCP) or Microsoft Certified: Azure Virtual Desktop Specialty

o Veeam Certified Engineer (VMCE) or Veeam Certified Architect (VMCA)

o Palo Alto Networks Certified Network Security Administrator (PCNSA) or higher

o Ruckus Certified Professional or equivalent wireless networking certification

o Security certifications such as CompTIA Security+, CISSP, or equivalent

o Splunk Core Certified User or Splunk Enterprise Certified Admin

ü Additional Experience and Skills

o Experience with backup and disaster recovery technologies, including Veeam Backup & Replication, Exagrid deduplication appliances, iLand cloud services, Azure Backup, and Azure Site Recovery

o Experience managing enterprise storage arrays (EMC VNX, HP Alletra) and planning virtualization platform migrations (VMware to Hyper-V or similar)

o Experience supporting Azure data and analytics services such as Microsoft Fabric, Azure Synapse Analytics, or Azure Data Lake

o Familiarity with Azure AI/ML services infrastructure requirements (Azure Machine Learning, Cognitive Services, Azure Data Lake) and ability to collaborate with data engineering and analytics teams.

o Experience with federated identity management, advanced Entra ID features including Conditional Access, Identity Protection, Privileged Identity Management (PIM), and multi-factor authentication (MFA) policies

o Knowledge of identity and access management (IAM) standards and protocols including SAML, OAuth 2.0, OpenID Connect, SCIM, and JWT tokens

o Experience with Cloudflare services including CDN, WAF, and DNS management

o Hands-on experience with Splunk for SIEM, log management, and analytics

o Experience implementing CIS Benchmarks, DISA STIGs, or other hardening frameworks

o Experience with automation and infrastructure as code technologies including PowerShell, Azure CLI, Terraform, Azure Resource Manager templates, and configuration management tools (Desired State Configuration, Ansible, Puppet, Chef)

o Proficiency with diagramming tools such as Microsoft Visio, Lucidchart, Draw.io, or similar platforms

o Familiarity with ITIL frameworks and change management processes

o Knowledge of SD-WAN technologies and implementation

o Knowledge of security and compliance frameworks including zero trust architecture, SOC 2, ISO 27001, HIPAA, and related standards

o Experience with Windows Server and Linux server administration

o Knowledge of privileged access management (PAM) solutions

o Previous experience in a leadership or mentoring role

o Project management experience or PMP certification

o Experience presenting technical information to executive leadership and business stakeholders

All employees of H-GAC are required to reside within the agency’s region of service to support our commitment to excellence in service of our region.

H-GAC is an equal opportunity/ADA employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, or protected veteran status.