System / Cloud Engineer

Why this role matters

You will modernise and operate GOTEC’s hybrid cloud backbone – ensuring availability, automation, and security across plants in EMEA, NA, and APAC.

Key Outcomes – First 12 months

• Migrate 2 production sites to new hybrid infrastructure with Zero Trust Segmentation

• Modernize and Migrate OT Network for at least 5 sites

• Automate TOP20 SIEM actions

What you will do

• Operate and continuously improve our hybrid infrastructure (Azure, VMware/Hyper‑V, SAN, HCI)

• Lead or co-lead migration sprints (AD, file, OT/IT segmentation, legacy exits)

• Automate deployments and ops workflows via Bicep / Terraform, PowerShell, GitHub Actions / ADO

• Maintain and tune alerting (Azure Monitor, Grafana, Wazuh); coordinate follow‑the‑sun incident handling

• Apply Zero‑Trust principles (identity-first access, microsegmentation, policy-as-code) to hybrid infra

• Analyse and remediate vulnerabilities (LAPS, Defender, firmware baselines, patch compliance)

• Operate and evolve our network edge (VPN, FortiGate, SD‑WAN, ExpressRoute, MACsec, 802.1X)

• Document SOPs and patterns in SharePoint / Teams; mentor juniors on best practices

Must-have skills

• 3+ years hands-on with Azure IaaS and VMware or Hyper‑V

• 3+ years hands-on with M365 administration (Intune, Exchange Online, Teams, SharePoint)

• Deep understanding of hybrid networking & Zero Trust (routing, VLAN, VPN, ExpressRoute, NAC, segmentation)

• IaC expertise (Bicep/Terraform) and real-world CI/CD experience

• Scripting proficiency (PowerShell / Bash)

• Basic security controls: MFA, Conditional Access, Defender, LAPS

• English B2+; willingness for follow‑the‑sun on-call, ≤ 10 % travel

Nice to have

• Fortinet NGFW, industrial firewalls, SD‑WAN

• SIEM tuning (e.g. Wazuh, Prometheus → Grafana)

• Certificates: AZ‑104, VCP‑DCV, ITIL 4

• Familiarity with TISAX, ISA/IEC 62443, ISO 27001

• Language: German or Polish beneficial