System cloud engineer

Why this role matters

You will modernise and operate GOTEC’s hybrid cloud backbone – ensuring availability, automation, and security across plants in EMEA, NA, and APAC.

Key Outcomes – First 12 months

Migrate 2 production sites to new hybrid infrastructure with Zero Trust Segmentation

Modernize and Migrate OT Network for at least 5 sites

Automate TOP20 SIEM actions

What you will do

Operate and continuously improve our hybrid infrastructure (Azure, VMware / Hyper‑V, SAN, HCI)

Lead or co-lead migration sprints (AD, file, OT / IT segmentation, legacy exits)

Automate deployments and ops workflows via Bicep / Terraform, Power Shell, Git Hub Actions / ADO

Maintain and tune alerting (Azure Monitor, Grafana, Wazuh); coordinate follow‑the‑sun incident handling

Apply Zero‑Trust principles (identity-first access, microsegmentation, policy-as-code) to hybrid infra

Analyse and remediate vulnerabilities (LAPS, Defender, firmware baselines, patch compliance)

Operate and evolve our network edge (VPN, Forti Gate, SD‑WAN, Express Route, MACsec, 802.1 X)

Document SOPs and patterns in Share Point / Teams; mentor juniors on best practices

Must-have skills

3+ years hands-on with Azure Iaa S and VMware or Hyper‑V

3+ years hands-on with M365 administration (Intune, Exchange Online, Teams, Share Point)

Deep understanding of hybrid networking & Zero Trust (routing, VLAN, VPN, Express Route, NAC, segmentation)

Ia C expertise (Bicep / Terraform) and real-world CI / CD experience

Scripting proficiency (Power Shell / Bash)

Basic security controls : MFA, Conditional Access, Defender, LAPS

English B2+; willingness for follow‑the‑sun on-call, ≤ 10 % travel

Nice to have

Fortinet NGFW, industrial firewalls, SD‑WAN

SIEM tuning (e.g. Wazuh, Prometheus → Grafana)

Certificates : AZ‑104, VCP‑DCV, ITIL 4

Familiarity with TISAX, ISA / IEC 62443, ISO 27001

Language : German or Polish beneficial