Systems Administrator (L3) - Concord, CA
Valid8 Financial, Inc., Concord, CA, United States
MSP4, LLC | Full-Time | Onsite | Up to 10% Regional Travel
About the Role
This is a hands‑on operational role. You own the day‑to‑day administration of client infrastructure: Windows Server, virtualization clusters, SAN and HCI storage, backup, Microsoft 365 and Azure tenants, and defined‑scope network change work. You implement, operate, and maintain inside the framework set by the Principal Solutions Architect and the Senior Engineering team. Your role is to turn an approved design into a running, monitored, documented environment that passes audit. Design authority sits above your tier.
At the L3 tier, you sit between the L2 Field Support Technicians and Senior Infrastructure and Network Security Engineering. L2 escalations land with you. Design questions and architecturally novel changes escalate up from you. You own the outcome at the server and platform layer at your assigned locations, and you touch the client environment every day.
This is a full onsite role at a client facility in your posted location, with regional coverage for nearby MSP4 clients where it applies. Context switching across clients and priorities throughout the day is part of the job. Compliance weight is real: CMMC L2, NIST 800‑171, and SOC 2 are active requirements in this client base.
What You Will Do
Administer Windows Server environments: Active Directory, DNS, DHCP, Group Policy, file and print services, certificate services at an operational level
Operate VMware vSphere or Microsoft Hyper‑V clusters day to day: VM lifecycle, capacity monitoring, host patching, vMotion or Live Migration, HA and DRS behavior, snapshot hygiene
SAN and HCI storage operations (NetApp, Pure Storage, Nutanix, VMware vSAN): provisioning, volume and LUN changes, capacity monitoring, health checks. Storage architecture sits with Senior Infrastructure Engineering.
Veeam Backup and Replication operations: job management, backup verification, restore execution, immutable repository and tape operations where applicable, backup gap remediation
Network change execution at a defined scope: firewall rule adds and modifications against approved standards, VLAN configuration on managed switches, switch port and access layer work. Routing, firewall architecture, and policy design sit with Senior Network Security Engineering.
Microsoft 365 and Azure tenant administration: identity, licensing, Intune policy application, Conditional Access within established standards, basic tenant hygiene
Operational SQL Server work in support of client ERP and line‑of‑business applications: installation, patching, version upgrades, backup coordination with Veeam, baseline instance administration. DBA‑level query tuning, indexing, and application‑side schema sit with client DBAs or application vendors.
L2 escalation ownership: take the tickets that pass the endpoint and site layer, resolve within scope, or escalate cleanly to Senior Engineering
STIG application and NIST 800‑171 control execution at the server layer in support of CMMC L2 and SOC 2
Client communication on infrastructure work, change windows, and incident response. You talk directly to client technical contacts and to non‑technical stakeholders.
Documentation: change records, operational runbooks, and audit‑ready configuration records. Written so another engineer can operate the environment without asking you questions.
What You Bring
4 to 6 years of systems administration experience in a multi‑client service delivery environment
US person status and US‑based work location. You must be based in the United States and qualify as a US person (US citizen, US national, lawful permanent resident, or protected individual under US law). This role's access to Controlled Unclassified Information (CUI) and export‑controlled systems is restricted under CMMC L2 and US export control regulations.
Windows Server operational depth: Active Directory, DNS, DHCP, Group Policy, PKI basics, file and print services. Operational depth, not surface familiarity.
Production virtualization experience on VMware vSphere or Microsoft Hyper‑V: host and cluster administration, VM lifecycle, patching, snapshot management, HA and DRS behavior at an operator level
Working SAN or HCI storage operations across at least one of NetApp ONTAP, Pure Storage, Nutanix, or VMware vSAN. You can provision, monitor, and resize. You know when a storage change exceeds your scope and sits with Senior Infrastructure Engineering.
Veeam Backup and Replication operational experience: backup jobs, restores, repository management, backup failure triage
Network operations at a defined scope: firewall rule changes against an approved standard, VLAN configuration, switch port and access layer work. You know when to stop and escalate to Senior Network Security Engineering.
Microsoft 365 and Azure tenant administration at a production level, including Intune and Conditional Access within established standards
Operational SQL Server familiarity: installation, patching, licensing awareness, backup coordination with Veeam, basic instance administration. Platform‑level work, not DBA‑level query optimization.
Working knowledge of STIG application and NIST 800‑171 control execution at the server layer
Ticketing discipline in a PSA (HaloPSA preferred; ConnectWise, Autotask, ServiceNow, or equivalent also transferable). Change records clean and audit‑ready.
Communication that works three ways: with non‑technical client stakeholders, with the L2 Field Support Technicians below you in the escalation path, and with Senior Engineering above
Relevant certifications are a plus, not a requirement. Useful credentials include Microsoft Azure Administrator Associate (AZ‑104), Windows Server Hybrid Administrator Associate (AZ‑800/AZ‑801), VMware VCP, and Veeam VMCE.
Prior experience in a multi‑client service delivery environment
How We Work
MSP4 does not operate like a traditional IT department or a ticket‑centric help desk. We function as embedded IT for our clients, accountable to their outcomes. Roles are tiered so a multi‑client environment stays auditable and consistent under CMMC L2, NIST 800‑171, and SOC 2. L2 owns the endpoint and site layer. You, at L3, own server and platform operations. Senior Engineers own implementation of complex infrastructure. The Principal Solutions Architect owns design.
We are building the operating model in real time. Some procedures are documented; others are still being written. At L3 you operate against what exists, flag what does not, and propose improvements within your scope. Platform redesign sits with Senior Engineering and the Principal Solutions Architect.
Candidates who need full design authority to feel effective should pass on this role. Candidates who take satisfaction in clean operational execution, in improving the environments they touch, and in closing the gap between a well‑designed system and a well‑run one will do well here. We expect L3 engineers to push back when something is wrong; we do not expect them to redesign based on personal preference.
About MSP4
MSP4, LLC provides infrastructure, security, and IT advisory services to mid‑market professional services, manufacturing, distribution, legal, and government clients across the United States. Our commercial practice and regulated practice serve organizations with serious compliance requirements including SOC 2 Type II and CMMC Level 2.
We are a small team. Every person on it has direct impact on client outcomes. The ladder is tiered for scope and audit; access is not. Everyone here has direct access to everyone else, up to and including the CEO.
MSP4 is hiring for this role in multiple U.S. cities. Other open positions are listed alongside this one.
JD v2.0.
#J-18808-Ljbffr
About the Role
This is a hands‑on operational role. You own the day‑to‑day administration of client infrastructure: Windows Server, virtualization clusters, SAN and HCI storage, backup, Microsoft 365 and Azure tenants, and defined‑scope network change work. You implement, operate, and maintain inside the framework set by the Principal Solutions Architect and the Senior Engineering team. Your role is to turn an approved design into a running, monitored, documented environment that passes audit. Design authority sits above your tier.
At the L3 tier, you sit between the L2 Field Support Technicians and Senior Infrastructure and Network Security Engineering. L2 escalations land with you. Design questions and architecturally novel changes escalate up from you. You own the outcome at the server and platform layer at your assigned locations, and you touch the client environment every day.
This is a full onsite role at a client facility in your posted location, with regional coverage for nearby MSP4 clients where it applies. Context switching across clients and priorities throughout the day is part of the job. Compliance weight is real: CMMC L2, NIST 800‑171, and SOC 2 are active requirements in this client base.
What You Will Do
Administer Windows Server environments: Active Directory, DNS, DHCP, Group Policy, file and print services, certificate services at an operational level
Operate VMware vSphere or Microsoft Hyper‑V clusters day to day: VM lifecycle, capacity monitoring, host patching, vMotion or Live Migration, HA and DRS behavior, snapshot hygiene
SAN and HCI storage operations (NetApp, Pure Storage, Nutanix, VMware vSAN): provisioning, volume and LUN changes, capacity monitoring, health checks. Storage architecture sits with Senior Infrastructure Engineering.
Veeam Backup and Replication operations: job management, backup verification, restore execution, immutable repository and tape operations where applicable, backup gap remediation
Network change execution at a defined scope: firewall rule adds and modifications against approved standards, VLAN configuration on managed switches, switch port and access layer work. Routing, firewall architecture, and policy design sit with Senior Network Security Engineering.
Microsoft 365 and Azure tenant administration: identity, licensing, Intune policy application, Conditional Access within established standards, basic tenant hygiene
Operational SQL Server work in support of client ERP and line‑of‑business applications: installation, patching, version upgrades, backup coordination with Veeam, baseline instance administration. DBA‑level query tuning, indexing, and application‑side schema sit with client DBAs or application vendors.
L2 escalation ownership: take the tickets that pass the endpoint and site layer, resolve within scope, or escalate cleanly to Senior Engineering
STIG application and NIST 800‑171 control execution at the server layer in support of CMMC L2 and SOC 2
Client communication on infrastructure work, change windows, and incident response. You talk directly to client technical contacts and to non‑technical stakeholders.
Documentation: change records, operational runbooks, and audit‑ready configuration records. Written so another engineer can operate the environment without asking you questions.
What You Bring
4 to 6 years of systems administration experience in a multi‑client service delivery environment
US person status and US‑based work location. You must be based in the United States and qualify as a US person (US citizen, US national, lawful permanent resident, or protected individual under US law). This role's access to Controlled Unclassified Information (CUI) and export‑controlled systems is restricted under CMMC L2 and US export control regulations.
Windows Server operational depth: Active Directory, DNS, DHCP, Group Policy, PKI basics, file and print services. Operational depth, not surface familiarity.
Production virtualization experience on VMware vSphere or Microsoft Hyper‑V: host and cluster administration, VM lifecycle, patching, snapshot management, HA and DRS behavior at an operator level
Working SAN or HCI storage operations across at least one of NetApp ONTAP, Pure Storage, Nutanix, or VMware vSAN. You can provision, monitor, and resize. You know when a storage change exceeds your scope and sits with Senior Infrastructure Engineering.
Veeam Backup and Replication operational experience: backup jobs, restores, repository management, backup failure triage
Network operations at a defined scope: firewall rule changes against an approved standard, VLAN configuration, switch port and access layer work. You know when to stop and escalate to Senior Network Security Engineering.
Microsoft 365 and Azure tenant administration at a production level, including Intune and Conditional Access within established standards
Operational SQL Server familiarity: installation, patching, licensing awareness, backup coordination with Veeam, basic instance administration. Platform‑level work, not DBA‑level query optimization.
Working knowledge of STIG application and NIST 800‑171 control execution at the server layer
Ticketing discipline in a PSA (HaloPSA preferred; ConnectWise, Autotask, ServiceNow, or equivalent also transferable). Change records clean and audit‑ready.
Communication that works three ways: with non‑technical client stakeholders, with the L2 Field Support Technicians below you in the escalation path, and with Senior Engineering above
Relevant certifications are a plus, not a requirement. Useful credentials include Microsoft Azure Administrator Associate (AZ‑104), Windows Server Hybrid Administrator Associate (AZ‑800/AZ‑801), VMware VCP, and Veeam VMCE.
Prior experience in a multi‑client service delivery environment
How We Work
MSP4 does not operate like a traditional IT department or a ticket‑centric help desk. We function as embedded IT for our clients, accountable to their outcomes. Roles are tiered so a multi‑client environment stays auditable and consistent under CMMC L2, NIST 800‑171, and SOC 2. L2 owns the endpoint and site layer. You, at L3, own server and platform operations. Senior Engineers own implementation of complex infrastructure. The Principal Solutions Architect owns design.
We are building the operating model in real time. Some procedures are documented; others are still being written. At L3 you operate against what exists, flag what does not, and propose improvements within your scope. Platform redesign sits with Senior Engineering and the Principal Solutions Architect.
Candidates who need full design authority to feel effective should pass on this role. Candidates who take satisfaction in clean operational execution, in improving the environments they touch, and in closing the gap between a well‑designed system and a well‑run one will do well here. We expect L3 engineers to push back when something is wrong; we do not expect them to redesign based on personal preference.
About MSP4
MSP4, LLC provides infrastructure, security, and IT advisory services to mid‑market professional services, manufacturing, distribution, legal, and government clients across the United States. Our commercial practice and regulated practice serve organizations with serious compliance requirements including SOC 2 Type II and CMMC Level 2.
We are a small team. Every person on it has direct impact on client outcomes. The ladder is tiered for scope and audit; access is not. Everyone here has direct access to everyone else, up to and including the CEO.
MSP4 is hiring for this role in multiple U.S. cities. Other open positions are listed alongside this one.
JD v2.0.
#J-18808-Ljbffr