About Houston-Galveston Area Council
The Houston-Galveston Area Council is one of the largest regional planning commissions in the country with a diverse service area of 13 counties and more than 7 million people. We are the pulse of our region addressing issues that cross city limits and county lines every single day.
We make decisions that affect our transportation system, ensure the safety and well-being of our seniors, connect people to jobs, help families recover from natural disasters, preserve water quality for our children, and so much more. We work to make the region a great place to live, work, and thrive.
What will I be doing?
We are seeking an experienced Senior Systems Analyst to join our IT team in a critical role that supports and maintains our enterprise infrastructure. This position will be responsible for the administration, optimization, and security of our hybrid cloud and on-premises environments. The ideal candidate will serve as a technical expert who can bridge the gap between business requirements and technology solutions while ensuring the stability, security, and performance of our IT systems. This role requires strong technical expertise, combined with excellent communication skills, to collaborate effectively with both technical leadership and business stakeholders.
oAdminister and optimize Azure cloud infrastructure and Microsoft 365 tenant, including resource management, virtual networks, identity and access management, Exchange Online, SharePoint, Teams, OneDrive, and security/compliance features
oImplement and maintain Microsoft Entra ID (Azure Active Directory), conditional access policies, identity governance, and hybrid identity integration with on-premises Active Directory using Azure AD Connect. Configure and manage Entra ID as an Identity Provider (IdP) for enterprise applications, including SSO integration (SAML, OAuth, OIDC), SCIM provisioning and deprovisioning, application consent policies, and enterprise application lifecycle management
oSupport Azure infrastructure for data warehousing and analytics platforms, including Microsoft Fabric, Azure Synapse Analytics, and Azure Data Lake, ensuring appropriate security, performance, and resource optimization for AI/ML and business intelligence workloads
oMonitor cloud resource utilization and optimize costs while maintaining performance standards
oAdminister and maintain virtualization environments (VMware vSphere, Microsoft Hyper-V) and enterprise storage infrastructure (EMC VNX, HP Alletra), including support for migration initiatives from VMware to alternative platforms
oMonitor and optimize virtual machine and storage performance, manage resource allocation and capacity planning, implement high availability and fault tolerance configurations, and perform VM provisioning and lifecycle management
oAdminister backup infrastructure, including Veeam backup and replication, Exagrid deduplication appliances, iLand cloud backup targets, and Azure storage repositories with appropriate retention policies
oMonitor backup job success rates, troubleshoot failures, perform regular disaster recovery testing, maintain DR documentation and runbooks, and ensure compliance with RPO targets, retention policies, and regulatory requirements
oAdminister on-premises Active Directory Domain Services including domain controllers, organizational units, users, groups, computer accounts, Group Policy Objects, Active Directory Sites and Services, replication, and DNS integration
oImplement and maintain server hardening techniques and secure baseline configurations for Windows and Linux systems following industry best practices (CIS, DISA STIGs, NIST), and perform regular patching, updates, and vulnerability remediation
oMonitor and maintain domain controller health, performance, and redundancy
oDesign, implement, and maintain LAN/WAN infrastructure, Ruckus wireless networking solutions, network segmentation, VLANs, routing, and switching infrastructure, with ongoing capacity planning and scalability optimization
oAdminister security infrastructure including Palo Alto security appliances, Cloudflare services (DDoS protection, WAF, CDN), and Splunk SIEM for firewall policies, threat prevention, security monitoring, log analysis, and incident detection
oImplement and maintain security best practices, hardening standards, and compliance across all systems and infrastructure components, and conduct regular security assessments and vulnerability remediation
oManage domain name registrations, DNS configurations and infrastructure (internal/external zones, records, DNSSEC), SSL/TLS certificate lifecycle management, and ensure high availability and redundancy of critical DNS services
oCreate and maintain comprehensive technical documentation, including system configurations, procedures, SOPs, architectural decisions, and diagrams (network topology, Active Directory, virtualization infrastructure, system architecture) using industry-standard tools
oCommunicate technical information effectively to technical leadership and business stakeholders, and provide regular status updates and reports to management and project teams
oStay current with emerging technologies and industry trends, evaluate new solutions that align with organizational mission and strategic direction, provide recommendations for technology improvements and modernization, and participate in professional development activities
oProvide tier 3 technical support and troubleshooting for complex infrastructure issues
oCollaborate with IT team members and business stakeholders on technology initiatives, monitor system performance and capacity planning, and participate in change management processes and maintenance window coordination
oParticipate in on-call rotation and work after-hours and weekends as required for planned maintenance activities, unplanned outages, and support needs
oPerform other duties as assigned to support departmental and organizational objectives
Key Qualifications
üEducation and Experience
oBachelor's degree in Computer Science, Information Technology, or related field, or equivalent work experience
oMinimum 5-7 years of experience in systems administration, network administration, or related IT infrastructure roles
oDemonstrated experience administering Microsoft Azure and Microsoft 365 environments
oProven experience with Active Directory administration in enterprise environments
oExperience with enterprise virtualization platforms (VMware, Hyper-V, or equivalent)
oExperience with enterprise backup and recovery solutions
üTechnical Skills
oExtensive experience with Microsoft cloud and on-premises infrastructure, including Azure services (compute, storage, virtual networks), Microsoft 365 administration (Exchange Online, SharePoint, Teams), Active Directory Domain Services, Group Policy, and hybrid identity solutions (Azure AD Connect)
oExperience configuring Microsoft Entra ID as an Identity Provider for third-party applications, including SSO implementations (SAML 2.0, OAuth 2.0, OpenID Connect), automated user provisioning with SCIM 2.0, managing app registrations and service principals, configuring API permissions and consent, and troubleshooting authentication and authorization issues.
oExperience with enterprise virtualization platforms (VMware vSphere, Microsoft Hyper-V) and storage systems (SAN/NAS technologies)
oHands-on experience with enterprise backup and recovery solutions (Veeam or equivalent), including disaster recovery planning and business continuity principles
oExperience implementing server hardening techniques, security baseline configurations, and industry security frameworks (CIS, DISA STIGs, NIST)
oSolid understanding of networking concepts including TCP/IP, routing, switching, VLANs, and subnetting
oExperience with enterprise wireless networking solutions (Ruckus or equivalent platforms)
oHands-on experience with enterprise firewall administration (Palo Alto or similar next-generation firewalls)
oKnowledge of DNS architecture, configuration, and troubleshooting
oExperience with SSL/TLS certificate management and PKI infrastructure
oProficiency in creating technical documentation and network/system diagrams
oStrong analytical and troubleshooting skills with the ability to resolve complex technical issues
oDemonstrated experience using generative AI tools (such as ChatGPT, Claude, GitHub Copilot, or similar platforms) to enhance systems administration work, including script development, troubleshooting assistance, documentation creation, and problem-solving
oAbility to effectively craft prompts and leverage AI assistance for technical tasks, including code generation, log analysis, configuration troubleshooting, and technical documentation
oUnderstanding of generative AI capabilities and limitations in IT operations contexts, including awareness of security considerations and data privacy when using AI tools
üProfessional Competencies
oExcellent written and verbal communication skills with the ability to effectively interact with technical teams, leadership, and business stakeholders, and explain technical concepts to non-technical audiences
oProven ability to work independently and manage multiple priorities
oExperience working in a team-oriented, collaborative environment
oCommitment to maintaining security and compliance best practices
oDemonstrated commitment to continuous learning, professional development, and adapting to emerging technologies
oFlexibility to work non-standard hours, including evenings and weekends when necessary
oStrong attention to detail and organizational skills
Do you have…
üBachelor's degree in an applicable academic discipline or related field of study
ü5 years of experience with local government, nonprofit programs, schools, or in job-related duties
Preferred…
üCertifications
oMicrosoft certifications: Azure Administrator Associate, Azure Solutions Architect Expert, Microsoft 365 Enterprise Administrator Expert, or Windows Server Hybrid Administrator Associate
oVMware Certified Professional (VCP) or Microsoft Certified: Azure Virtual Desktop Specialty
oVeeam Certified Engineer (VMCE) or Veeam Certified Architect (VMCA)
oPalo Alto Networks Certified Network Security Administrator (PCNSA) or higher
oRuckus Certified Professional or equivalent wireless networking certification
oSecurity certifications such as CompTIA Security+, CISSP, or equivalent
oSplunk Core Certified User or Splunk Enterprise Certified Admin
üAdditional Experience and Skills
oExperience with backup and disaster recovery technologies, including Veeam Backup & Replication, Exagrid deduplication appliances, iLand cloud services, Azure Backup, and Azure Site Recovery
oExperience managing enterprise storage arrays (EMC VNX, HP Alletra) and planning virtualization platform migrations (VMware to Hyper-V or similar)
oExperience supporting Azure data and analytics services such as Microsoft Fabric, Azure Synapse Analytics, or Azure Data Lake
oFamiliarity with Azure AI/ML services infrastructure requirements (Azure Machine Learning, Cognitive Services, Azure Data Lake) and ability to collaborate with data engineering and analytics teams.
oExperience with federated identity management, advanced Entra ID features including Conditional Access, Identity Protection, Privileged Identity Management (PIM), and multi-factor authentication (MFA) policies
oKnowledge of identity and access management (IAM) standards and protocols including SAML, OAuth 2.0, OpenID Connect, SCIM, and JWT tokens
oExperience with Cloudflare services including CDN, WAF, and DNS management
oHands-on experience with Splunk for SIEM, log management, and analytics
oExperience implementing CIS Benchmarks, DISA STIGs, or other hardening frameworks
oExperience with automation and infrastructure as code technologies including PowerShell, Azure CLI, Terraform, Azure Resource Manager templates, and configuration management tools (Desired State Configuration, Ansible, Puppet, Chef)
oProficiency with diagramming tools such as Microsoft Visio, Lucidchart, Draw.io, or similar platforms
oFamiliarity with ITIL frameworks and change management processes
oKnowledge of SD-WAN technologies and implementation
oKnowledge of security and compliance frameworks including zero trust architecture, SOC 2, ISO 27001, HIPAA, and related standards
oExperience with Windows Server and Linux server administration
oKnowledge of privileged access management (PAM) solutions
oPrevious experience in a leadership or mentoring role
oProject management experience or PMP certification
oExperience presenting technical information to executive leadership and business stakeholders
H-GAC is the region-wide voluntary association of local governments in the 13 county Gulf Coast region of Texas. Its service area is 12,500 square miles and contains more than 7 million people. H-GAC's mission is to serve as the instrument of local government cooperation, promoting the region’s orderly development and the safety and welfare of its citizens. H-GAC is the regional organization through which local governments consider issues and cooperate in solving area-wide problems.
