NOW HIRING

IT Systems Administrator

BCG Corp  |  100% Remote (US-based)  |  Full-time  |  Travel <5%

Bernardo Consulting Group (BCG) is an independent physical security consulting firm headquartered in Denton, TX. We design access control, video surveillance, and intrusion detection systems for hyperscale data centers and critical-infrastructure clients across North America.

We are a lean, founder-led firm in a growth phase. Our internal IT environment is held to the same standards we recommend to our clients — small in headcount, but enterprise-grade in architecture, security posture, and operational discipline. We invest in process, people, and the long view, and our people own meaningful pieces of the business from day one.

The IT Systems Administrator is the second technical seat on the BCG IT team, reporting to the IT Manager. The role is built to be more than day-to-day maintenance: you will own routine operations to keep the environment running reliably, and you will also have direct input on where the department goes next — project design work, evaluating and recommending new technology, and improving the processes and tooling we already run. As BCG and the IT team grow, you have the opportunity to grow with us.

BCG runs a primarily on-premises environment alongside a growing Microsoft 365 / Entra ID / Intune tenant, so this is a hands-on, broad generalist role — backup verifications, firewall rule changes, and Linux server patching can all land in the same afternoon. We are looking for an adaptable person with a broad skill set who enjoys going down the rabbit hole to find the answer.

This is a high-trust, self-directed role. Sound judgment, follow-through, and the discipline to document your work and know when to escalate are essential.

Server & Virtualization Infrastructure

• Administer the Hyper-V host fleet — VM lifecycle, resource allocation, checkpoints, and host health.
• Maintain Windows Server workloads and roles.
• Maintain the expanding fleet of Linux (Ubuntu) servers.
• Monitor capacity, performance, and health across the fleet; respond to alerts per runbook and escalate or remediate by severity.

Network & Connectivity

• Administer firewalls, routers, and managed switches.
• Maintain VPN and overlay-network connectivity (Tailscale, WireGuard).
• Diagnose connectivity and performance issues using logs, packet captures, and the Grafana / Prometheus telemetry stack; produce post-incident notes when changes are made.

Backup, BC/DR, and Data Protection

• Operate BCG’s 3-2-1 backup architecture and verify backup job success daily; investigate failures.
• Run periodic restore tests against documented RTO / RPO targets.
• Contribute to disaster recovery runbooks and failover procedures.

Security Operations

• Tune Microsoft Defender for Endpoint policies and Attack Surface Reduction (ASR) rules; review Defender recommendations and incident queues, and act on high-severity alerts.
• Investigate phishing, suspicious sign-ins, and endpoint anomalies, escalating to the IT Manager.
• Assist with and run monthly enterprise patching via Action1.
• Support vulnerability scanning and penetration testing — quarterly scans, annual external penetration test coordination, and remediation tracking.

Identity, Endpoint, and End-User Support

• Administer Active Directory, Entra ID, and Microsoft Intune, helping integrate them into a single identity-and-endpoint plane as BCG’s Entra footprint matures.
• Own new-hire onboarding and offboarding end-to-end, and help streamline and standardize the process (checklists, automation, repeatable provisioning) so it scales cleanly as BCG grows.
• Provide responsive Tier 2 support to BCG’s remote employees. End-user support is a smaller part of this role than a typical helpdesk job — BCG is a small, largely self-sufficient team — so a genuine service mindset and sound judgment with non-technical colleagues matter more than appetite for a high-volume ticket queue.

Asset & License Management

• Maintain the hardware and software asset inventory.
• Own license management across Microsoft 365 / Entra, Action1, and other tooling: track assignments, renewal and true-up dates, and reclaim licenses at offboarding.
• Reconcile inventory and licensing periodically against actual deployment, flagging gaps, shortfalls, and renewal risks.

Documentation & Continuous Improvement

• Maintain accurate documentation — network and infrastructure diagrams, asset inventory, and patch rosters.
• Keep runbooks current for recurring operations (backup verification, patch cycle, restore tests, incident response).
• Keep BCG SOPs up to date as the environment and team evolve.

What You Bring

• 6+ years of hands-on systems administration experience in a Microsoft-centric environment.
• Demonstrated proficiency administering Windows operating systems (Windows 11 endpoints, Windows Server 2022).
• Strong working knowledge of Active Directory, Entra ID, and Group Policy.
• Strong networking fundamentals — VLANs, routing / switching, firewall rules, DNS, and DHCP.
• Working knowledge of enterprise patch management and enterprise backup principles.
• Strong written documentation skills — able to produce runbooks, SOPs, and incident write-ups suitable for non-technical readers.
• Customer-service orientation — professional and patient with non-technical users — paired with a preference for back-end and infrastructure work over a high-volume support desk.
• Availability for occasional after-hours maintenance windows and as secondary on-call for urgent incidents; ability to provide approximately two weeks of standalone coverage during the IT Manager’s planned absences.
• Self-directed — comfortable working unsupervised, with the judgment to know when to escalate.
• U.S. citizenship and eligibility for U.S. government security clearance.

Nice to Have

BCG also runs the following platforms. Hands-on experience with any of them is a strong plus, but not required.

• Proxmox — production hypervisor experience.
• Linux server administration — primarily Ubuntu.
• pfSense advanced features — pfBlockerNG, Suricata / Snort, HAProxy, or similar.
• WireGuard and Tailscale — VPN and overlay networking.
• Observability tooling — Grafana, Prometheus, or equivalent.

Work Setup

This is a 100% remote role open to US-based candidates in any state. Hours are flexible, with some evening or weekend work necessary for maintenance windows. Travel is minimal (under 5%). BCG provides all necessary equipment — laptop, monitor, and standard peripherals — shipped directly to your home. You will need a stable, secure, high-speed internet connection and a private workspace suitable for handling confidential systems and communications.

Base salary range $95,000 – $105,000, commensurate with experience. BCG benefits include medical, dental, and vision coverage; a 401(k); paid time off, paid holidays, and sick leave per the BCG employee handbook; and company-provided equipment with certification reimbursement available with approval.

BCG operates under an Employee Ownership & Profit Sharing principle; specific eligibility and timing are confirmed during the offer process.

To apply, please submit your resume and a brief cover letter to https://bernardoconsultinggroup.com/

In your cover letter, please share a brief example of an infrastructure or operations problem you owned end-to-end — the environment, what you changed, and the outcome.

Our hiring process includes an initial phone screen, a skills assessment, a panel interview, reference checks, and a background check prior to offer extension.

BCG Corp is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. We are committed to building a workforce that reflects the communities we serve and to providing reasonable accommodations to qualified individuals with disabilities throughout the hiring process. If you require an accommodation, please contact us at the application address above.