Server Compliance & Automation Specialist

Role Overview

Server Compliance & Automation Specialist

Duration: Two Months

Location: Buckinghamshire & remote (hybrid)

Rate: £400 per day (negotiable)

Start: ASAP

IR35 Status: Inside

We require an experienced Server Compliance & Automation Specialist for a key project which will be focusing on shifting the client's server estate from manual, reactive maintenance to a proactive, automated compliance model.

This project is to harden the client's server estate with the primary objective to bring the current infrastructure into full compliance with security standards.

You will be responsible for the end to end integration of Azure Arc to deploy security agents (MDE); decommission legacy software (Sophos) and implement a sustainable, fully automated patching framework that ensures all servers are visible to the managed SOC.

You will be responsible for the decommissioning of legacy security software, the rapid deployment of modern endpoint protection, and ensuring all assets are correctly represented in our vulnerability and asset management systems.

Essential Skills & Experience

A minimum of 5 years Server Administration experience; ideally within a higher education or large public sector environment.

Able to work autonomously and hit the ground running with good attention to detail in updating their asset records in SNOW.

Have the ability to coordinate with department application owners to schedule brief maintenance windows for security agent swaps.

Possess expert knowledge of Azure Update Manager and Maintenance Configurations

Hands-on experience with Azure Arc (extension management and policy-based onboarding)

MDE deployment, Sophos decommissioning and managed SOC logging requirements

Proficient in MS Intune for server-side security policy enforcement

Proficient in troubleshooting Tenable/Nessus and SNOW Inventory agents

Advanced PowerShell (for Windows) and Bash (for Linux) for automating agent rollouts

Advanced administration experience of Windows Server 2012 R2 through to 2022 and Linux (RHEL/Ubuntu)

Responsibilities

1. Automated Patch Management Framework
   • Azure Update Manager Setup: Design and implement automated patching schedules using Azure Update Manager for all Arc-enabled servers.
   • Maintenance Configurations: Create and assign maintenance configurations based on server roles (e.g., Dev/Test vs. Production) and University-specific maintenance windows.
   • Orchestration & Logic: Configure periodic assessments (24-hour scans) and automated reboot cycles to ensure security updates are applied without manual intervention.
   • Remediation Workflows: Develop a process to automatically identify and retry failed patches, reducing the manual re-work for the permanent infrastructure team.
2. Azure Arc & Security Migration
   • Arc Onboarding: Scale the enrolment of on-premises Windows and Linux servers into Azure Arc. Creation of MDE security policies.
   • MDE & SOC Integration: Deploy the Microsoft Defender for Endpoint (MDE) via Azure Arc for Servers, staff and student shared devices.
   • Ensure telemetry is correctly onboarded to the Managed SOC for immediate threat detection.
   • Microsoft Defender for Cloud: Deployment for API protection where applicable.
   • Sophos Removal: Systematically uninstall legacy Sophos agents once MDE health is verified, ensuring zero "dual-agent" performance impact.
3. Agent Health & Audit Compliance
   • Intune MDM Implementation: Provide assessment and review of current Intune MDM implementation to ensure it has been configured correctly.
   • Intune for Endpoints and Mobile Devices: Enrol all staff, students and mobile devices into Microsoft Intune (Security Management) to enforce baseline security policies and management.
   • SNOW Deployment: Ensure the SNOW Inventory agent is installed and reporting correctly on all servers to maintain an accurate hardware/software asset register.
   • Tenable Management: Verify the health of Tenable/Nessus agents; troubleshoot non-reporting assets to ensure 100% scan coverage for vulnerability management.
   • Tenable/SNOW Maintenance: Identify and fix broken or non-reporting Tenable and SNOW agents to maintain 100% visibility in both scanners and asset registers.
4. Server Upgrades: Upgrades to Server OS ensuring they are compliant with Cyber Essentials and running the latest supported versions.

If this role is of interest then please email your CV to: