Systems Engineer (Cybersecurity & Infrastructure) job at Quality Chemical Industries Limited

Job Summary:

The Systems Engineer (Cybersecurity & Infrastructure) is a senior technical role responsible for designing, securing, and governing QCIL’s server and platform environment. The incumbent will lead infrastructure architecture, virtualization (VMware), enterprise application platform readiness (Microsoft 365, SAP, LIMS, TrackWise), and system security controls required to protect GxP/GMP environments. This role owns standards, technical governance, and disaster recovery design, while the Systems Administrator executes approved operational workstreams.

Reporting Line:

Reports to: Head of IT

Works closely with: Network Engineer (FortiGate / segmentation), OT stakeholders, Application owners, Vendors

Direct reports: Systems Administrator (Infrastructure & Applications)

Primary Objectives (What success looks like)

• Secure, stable, and scalable server and platform environment with measurable availability and recoverability.
• Evidence-ready controls for GxP/GMP audits (security, access, backup, DR, change control).
• Reduced cyber risk through hardening, vulnerability remediation, monitoring, and privileged access control.
• Predictable, documented system standards and architecture aligned to QCIL business goals.

Key Responsibilities (Technical – Detailed)

A. Infrastructure Architecture & Governance

• Assess current server, virtualization, storage, identity, and application platform architecture and produce a target-state roadmap.
• Define and maintain system standards: build templates, naming conventions, IP/DNS standards for servers, patching baselines, backup standards, and logging standards.
• Approve system changes that affect regulated (GxP/GMP) services, ensuring documented impact assessment and rollback plans.
• Ensure new technologies align with QCIL architecture and security guidelines before deployment.

B. Cybersecurity for Servers, Identity & Platforms

• Own server hardening standards (Windows/Linux) and ensure alignment to recognized baselines and QCIL policies.
• Lead vulnerability management for servers and core platforms: scan review, risk triage, remediation planning, and verification.
• Administer and tune endpoint/server security tooling (EDR/AV policies for servers), and ensure critical servers are onboarded to SIEM/log monitoring.
• Implement privileged access controls
• Partner with the Network Engineer to ensure IT/OT segmentation is enforced for systems
• Support incident response for system-side events.

C. Virtualization (VMware) & Platform Engineering

• Own VMware design and lifecycle management.
• Define VM templates, resource sizing standards, snapshot governance, and host patching schedules with controlled maintenance windows.
• Design backup and recovery procedures for VMware hosts and critical VMs based on best practices.

D. Core Enterprise Systems (Microsoft 365, SAP, LIMS, TrackWise)

• Lead infrastructure readiness for core platforms.
• Coordinate vendor and internal technical teams during upgrades, changes, and troubleshooting of enterprise systems.
• Define and maintain application dependency maps and connectivity matrices (ports/protocols) for regulated applications.

E. Backup, Disaster Recovery & Business Continuity

• Own backup strategy and recovery assurance for servers, VMs, and databases: retention, encryption, monitoring, and restore testing.
• Design, implement, supervise, and test QCIL’s Disaster Recovery Plan for systems.
• Ensure DR documentation and evidence is audit-ready for GxP/GMP requirements.

F. Compliance, Audit & Documentation

• Lead technical remediation of audit findings related to systems, access controls, patching, backups, logging, and security configuration.
• Maintain architecture diagrams, as-built documentation, SOPs/runbooks, and system inventories.
• Prepare monthly operational reporting: platform health, risks, vulnerability posture, backup/DR status, and improvement roadmap.

Key Performance Indicators (KPIs)

• Platform availability (uptime) for critical services (AD/DNS, virtualization, core apps).
• Backup success rate and restore test success rate for critical systems.
• Vulnerability remediation SLA compliance (critical/high findings).
• Audit findings closed within agreed timelines with evidence.
• Mean time to resolve (MTTR) for system incidents and reduction of recurring issues.

Minimum Qualifications & Experience

• BSc degree in IT, Computer Science, Engineering, or related field.
• Minimum 5 years in Systems Administration/Engineering with demonstrated ownership of VMware and Windows Server environments.
• Hands-on experience supporting enterprise platforms (Microsoft 365, SAP or similar ERP, LIMS, TrackWise or regulated quality systems).
• Experience with vulnerability management and security tooling (EDR, SIEM concepts, hardening).

Certifications (Preferred)

• Microsoft (e.g., Windows Server / Azure / M365) certifications.
• VMware (VCP) or equivalent virtualization certification.
• Security-related certification (e.g., Security+, vendor security training) – advantage.
• ITIL Foundation – advantage.

Core Technical Skills

• Windows Server (AD DS, GPO, DNS, DHCP), Linux administration, scripting/automation basics (PowerShell).
• VMware vCenter/ESXi, HA/DRS, capacity planning, troubleshooting performance bottlenecks.
• Backup and recovery tooling and methodology; DR planning and testing.
• Database fundamentals (SQL Server/Postgres) including backup/restore, permissions, performance monitoring.
• Security hardening, vulnerability remediation workflows, logging/monitoring concepts, and incident support.

Behavioral Competencies

• Strong analytical problem-solving; evidence-based troubleshooting.
• Excellent documentation discipline and change control mindset (especially for GxP systems).
• Ability to communicate technical risk and options to non-technical stakeholders.
• Collaborative leadership; mentoring Systems Administrator and working across teams.

• Assess current server, virtualization, storage, identity, and application platform architecture and produce a target-state roadmap.
• Define and maintain system standards: build templates, naming conventions, IP/DNS standards for servers, patching baselines, backup standards, and logging standards.
• Approve system changes that affect regulated (GxP/GMP) services, ensuring documented impact assessment and rollback plans.
• Ensure new technologies align with QCIL architecture and security guidelines before deployment.
• Own server hardening standards (Windows/Linux) and ensure alignment to recognized baselines and QCIL policies.
• Lead vulnerability management for servers and core platforms: scan review, risk triage, remediation planning, and verification.
• Administer and tune endpoint/server security tooling (EDR/AV policies for servers), and ensure critical servers are onboarded to SIEM/log monitoring.
• Implement privileged access controls
• Partner with the Network Engineer to ensure IT/OT segmentation is enforced for systems
• Support incident response for system-side events.
• Own VMware design and lifecycle management.
• Define VM templates, resource sizing standards, snapshot governance, and host patching schedules with controlled maintenance windows.
• Design backup and recovery procedures for VMware hosts and critical VMs based on best practices.
• Lead infrastructure readiness for core platforms.
• Coordinate vendor and internal technical teams during upgrades, changes, and troubleshooting of enterprise systems.
• Define and maintain application dependency maps and connectivity matrices (ports/protocols) for regulated applications.
• Own backup strategy and recovery assurance for servers, VMs, and databases: retention, encryption, monitoring, and restore testing.
• Design, implement, supervise, and test QCIL’s Disaster Recovery Plan for systems.
• Ensure DR documentation and evidence is audit-ready for GxP/GMP requirements.
• Lead technical remediation of audit findings related to systems, access controls, patching, backups, logging, and security configuration.
• Maintain architecture diagrams, as-built documentation, SOPs/runbooks, and system inventories.
• Prepare monthly operational reporting: platform health, risks, vulnerability posture, backup/DR status, and improvement roadmap.

• Windows Server (AD DS, GPO, DNS, DHCP)
• Linux administration
• Scripting/automation basics (PowerShell)
• VMware vCenter/ESXi
• HA/DRS
• Capacity planning
• Troubleshooting performance bottlenecks
• Backup and recovery tooling and methodology
• DR planning and testing
• Database fundamentals (SQL Server/Postgres) including backup/restore, permissions, performance monitoring
• Security hardening
• Vulnerability remediation workflows
• Logging/monitoring concepts
• Incident support
• Strong analytical problem-solving
• Evidence-based troubleshooting
• Excellent documentation discipline
• Change control mindset (especially for GxP systems)
• Ability to communicate technical risk and options to non-technical stakeholders
• Collaborative leadership
• Mentoring Systems Administrator
• Working across teams

• BSc degree in IT, Computer Science, Engineering, or related field.
• Minimum 5 years in Systems Administration/Engineering with demonstrated ownership of VMware and Windows Server environments.
• Hands-on experience supporting enterprise platforms (Microsoft 365, SAP or similar ERP, LIMS, TrackWise or regulated quality systems).
• Experience with vulnerability management and security tooling (EDR, SIEM concepts, hardening).
• Microsoft (e.g., Windows Server / Azure / M365) certifications.
• VMware (VCP) or equivalent virtualization certification.
• Security-related certification (e.g., Security+, vendor security training) – advantage.
• ITIL Foundation – advantage.