Server Compliance & Automation Specialist

Server Compliance & Automation Specialist

Duration: Two Months

Location: Buckinghamshire & remote (hybrid)

Rate: £400 per day (negotiable)

Start: ASAP

IR35 Status: Inside

Role Overview:

We require an experienced Server Compliance & Automation Specialist for a key project which will be focusing on shifting the client's server estate from manual, reactive maintenance to a proactive, automated compliance model.

This project is to harden the clients server estate with the primary objective to bring the current infrastructure into full compliance with security standards.

You will be responsible for the end to end integration of Azure Arc to deploy security agents (MDE); decommission Legacy software (Sophos) and implement a sustainable, fully automated patching framework that ensures all Servers are visible to the managed SOC.

You will be responsible for the decommissioning of Legacy security software, the rapid deployment of modern endpoint protection, and ensuring all assets are correctly represented in our vulnerability and asset management systems.

Essential Skills & Experience required:

A minimum of 5 years Server Administration experience; ideally within a higher education or large public sector environment.

Able to work autonomously and hit the ground running with good attention to detail in updating their asset records in SNOW.

Have the ability to coordinate with department application owners to schedule brief maintenance windows for security agent swaps.

Possess expert knowledge of Azure Update Manager and Maintenance Configurations

Hands-on experience with Azure Arc (extension management and policy-based onboarding)

MDE deployment, Sophos decommissioning and managed SOC logging requirements

Proficient in MS Intune for Server Side security policy enforcement

Proficient in troubleshooting Tenable/Nessus and SNOW Inventory agents

Advanced PowerShell (for Windows) and Bash (for Linux) for automating agent rollouts

Advanced administration experience of Windows Server 2012 R2 through to 2022 and Linux (RHEL/Ubuntu)

Responsibilities include:

1. Automated Patch Management Framework

Azure Update Manager Setup: Design and implement automated patching schedules using Azure Update Manager for all Arc-enabled Servers.
Maintenance Configurations: Create and assign "Maintenance Configurations" based on server roles (eg, Dev/Test vs. Production) and University-specific maintenance windows.
Orchestration & Logic: Configure "Periodic Assessments" (24-hour scans) and automated "Reboot Cycles" to ensure security updates are applied without manual intervention.
Remediation Workflows: Develop a process to automatically identify and retry failed patches, reducing the manual "re-work" for the permanent infrastructure team.

2. Azure Arc & Security Migration

Arc Onboarding: Scale the enrolment of on-premises Windows and Linux Servers into Azure Arc. Creation of MDE security policies.
MDE & SOC Integration: Deploy the Microsoft Defender for Endpoint (MDE) via Azure Arc for Servers, staff and student shared devices.
Ensure telemetry is correctly onboarded to the Managed SOC for immediate threat detection.
Microsoft Defender for API's: Protection for the clients API's, deployment of Microsoft Defender for Cloud
Sophos Removal: Systematically uninstall Legacy Sophos agents once MDE health is verified, ensuring zero "dual-agent" performance impact.

3. Agent Health & Audit Compliance

Intune MDM Implementation: Provide assessment and review of current Intune MDM implementation ensure it has been configured correctly
Intune for End points and Mobile Devices: Enrol all Staff, Students and Mobile Devices into Microsoft Intune (Security Management) to enforce baseline security policies (GPO parity) and management
SNOW Deployment: Ensure the SNOW Inventory agent is installed and reporting correctly on all Servers to maintain an accurate hardware/software asset register.
Tenable Management: Verify the health of Tenable/Nessus agents. You will be responsible for troubleshooting "non-reporting" assets to ensure 100% scan coverage for vulnerability management.
Tenable/SNOW Maintenance: Identify and fix broken or non-reporting Tenable and SNOW agents. The goal is 100% visibility in both the vulnerability scanner and the software asset register.

Server upgrades

Upgrades to Server O/S ensuring they are compliant with Cyber essentials and running the latest supported versions

If this role is of interest then please email your CV to: (see below)

Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.