Systems Administrator - Tier II
Yield Solutions Group · Englewood, CO · 1 wk ago
On-siteInformation Technology$80k–$100k/yrFull-time
Key Responsibilities
- Identity & Access Management
- Provision and deprovision user accounts across Active Directory, AWS IAM, and the full RefiJet SaaS stack.
- Resolve Tier I escalations in this domain: stuck MFA enrollments, IAM role misconfigurations, permission conflicts in GitLab, and access inconsistencies that require actual investigation to diagnose.
- Maintain access documentation that reflects current state at all times. In a SOC 2 environment, access records are audit evidence.
- Endpoint & Device Management
- Image, configure, and manage workstations across the organization using Microsoft Intune and Autopilot.
- Verify endpoint compliance against SOC 2 control requirements using Intune's compliance reporting. When a gap surfaces — and SOC 2 audits surface them — you own the remediation and the written record of what you did.
- Troubleshoot Autopilot enrollment failures and Intune policy conflicts before they require escalation.
- Cover the full device lifecycle from Autopilot enrollment and provisioning profile assignment through Intune configuration policy application, compliance policy enforcement, and patch cycle execution — scheduling, documentation, and remediation included.
- Server & Infrastructure Operations
- Monitor on-prem and AWS resources on a routine basis: health checks, capacity monitoring, performance baselines.
- Execute maintenance windows, including OS patching, disk management, and scheduled restarts. Coordinate with DevOps before touching anything that sits under the Java Spring Boot services running in AWS.
- Document all infrastructure changes in a change log that can be reviewed without your presence to explain it.
- Network & Connectivity
- Manage DNS and DHCP configurations. Troubleshoot VPN issues at the routing and configuration level, not just the client level. Review firewall ACLs when connectivity issues require it.
- Security Operations
- Participate in vulnerability remediation cycles under the direction of the Director of IT/InfoSec. This means executing the operational work: patching, configuration changes, verification, and documentation.
- Work with the DevOps team to respond to Datadog alerts that are security-adjacent with the same operational rigor as any other alert: acknowledge, work the runbook, escalate with context when the runbook doesn't resolve it.
- Enforce endpoint compliance policies in a way that holds up against FCRA, GLBA, and SOC 2 requirements. The Director of IT/InfoSec owns the strategy; this role is the operational execution arm.
- Application & SaaS Administration
- Administer the full productivity and collaboration stack at the admin level: GitLab, AWS console access management, and the line-of-business applications that support the loan processing pipeline.
- Handle backend configuration changes that end users never see — permission structures, integration settings, SSO configurations, license management — and document every change.
- Serve as the internal subject matter contact for admin-level issues on the platforms you own. When something breaks in a way users cannot fix themselves, it comes here.
- Backup & Recovery
- Verify that backup jobs completed successfully across all covered systems. Identify and respond to failures before they become recovery events.
- Work with the DevOps team to run scheduled restore tests against PostgreSQL and MariaDB instances connected to live lender data. Document the results in a format that demonstrates the test was actually performed and the restore was actually validated.
- Maintain recovery documentation that is current and tested, not aspirational.
- Monitoring & Alerting
- Own the operational response side: acknowledging alerts, working through established runbooks, and escalating with full context when escalation is warranted.
- Contribute to runbook maintenance when gaps or inaccuracies are identified. You are not building the observability stack — that is DevOps — but you are its primary operational consumer, and that means you have standing to flag when it needs improvement.
- Documentation
- Maintain runbooks, SOPs, and change logs for every operational domain you own. This is not supplemental work — it is a core deliverable in a SOC 2 environment.
- Write documentation that a colleague or auditor can follow independently, without asking you clarifying questions. Ambiguous documentation in a regulated environment is a liability.
- Escalation Triage
- Receive everything Tier I cannot resolve. Diagnose it accurately. Either resolve it or escalate it — to DevOps, InfoSec, or a vendor — with a specific, well-documented problem statement.
- The standard here is clean handoff, not necessarily full resolution. Passing a vague ticket upward is not an acceptable outcome at any escalation level.
- 3+ years in a systems administration role, with clear Tier II or higher responsibilities (not just Tier I volume with a different title)
- Active Directory administration: user and group management, group policy, troubleshooting authentication and access issues in Windows-based environments
- Microsoft Intune: configuration policy management, compliance policy enforcement, device enrollment, and the compliance reporting that SOC 2 audits require
- Microsoft Autopilot: deployment profile creation and assignment, enrollment troubleshooting, and hardware provisioning workflows for new and replacement devices
- AWS IAM at an operational level: creating and managing roles, policies, and users; identifying and resolving access misconfigurations; understanding how IAM interacts with services running in the environment
- Datadog or equivalent monitoring platform: alert acknowledgment, runbook execution, escalation workflows, and enough observability literacy to know when an alert is noise versus signal
- Network fundamentals applied in practice: DNS and DHCP configuration management, VPN troubleshooting beyond the client layer, firewall ACL review, routing concepts sufficient to diagnose and describe connectivity issues accurately
- Backup and recovery: hands-on experience verifying job completion, executing restore tests, and documenting results for production database environments
- GitLab or equivalent DevOps platform administration at the admin level — not just as a user
- SOC 2 operational familiarity: what documentation compliance looks like in practice, what an auditor expects, and how to build habits that hold up under review
- Written communication that produces clear, self-contained runbooks and change logs — not notes that only make sense if you wrote them
- Experience with auto lending, auto refinancing, or consumer credit products
- Familiarity with loan origination systems (LOS), credit decisioning, or lending infrastructure
- Experience working with external partners or B2B clients in a product-led organization
- Base Salary: $80,000 - $100,000 annually, commensurate with experience
- Bonus: Performance-based incentives tied to company and individual goals
- Benefits: Comprehensive benefits including health, dental, vision, life insurance, 401(k), PTO, career development opportunities, and the chance to join Denver's Best Place to Work (2024 & 2025) with a dynamic culture focused on internal promotion and employee growth.
Required Skills & Experience
Nice to Have
Compensation & Benefits
Equal Opportunity Statement
Yield Solutions Group is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants.