Cloud Windows Infrastructure Engineer
Job Purpose
As Senior Windows Infrastructure Engineer, you are the technical anchor for the Windows estate that powers Gresham's managed services platform – a multi-client environment hosted on AWS. The work is grounded in deep Windows Server operations: Active Directory, IIS, hybrid identity, Group Policy, PowerShell, certificate services, and the wider Microsoft ecosystem.
AWS is the platform on which all of this runs. Comfort with the cloud layer matters and you will operate it daily, but it is the Microsoft stack – and its operational nuance – that defines this role. We hire for deep Windows expertise first; the cloud layer is something a strong sysadmin can absorb.
The estate is Windows Server 2019 and above, end-to-end. Linux footprint is negligible – this is a role for someone who wants to go deep on the Microsoft stack rather than be spread thin across platforms.
This is a 100% individual contributor role. You will not manage or lead a team. You will own complex incidents end-to-end, set technical standards by example, and act as the senior escalation point for the Cloud Support function.
Role Responsibilities
Lead resolution of complex Windows Server incidents across multi-client, AWS-hosted environments – from triage to root cause to remediation.
Administer and harden Windows Server 2019/2022/2025: Active Directory (forest/domain design, replication, FSMO, GPOs, trusts), DNS, DHCP, IIS, WSUS, AD CS, file & print services.
Operate hybrid identity: AD on-prem ↔ AWS Managed Microsoft AD, federation with Entra ID (Azure AD) / AD FS, SAML / OIDC / OAuth, Kerberos, MFA.
Author and maintain PowerShell automation: bulk administration, scheduled tasks, configuration drift correction, reporting, and DSC where appropriate.
Operate the AWS hosting layer for Windows workloads: EC2, EBS, VPC, IAM, Route 53, CloudWatch, Systems Manager (Patch Manager, Session Manager, Run Command), Backup, Directory Service.
Manage IIS in depth: sites, application pools, bindings, ARR / URL Rewrite, SSL/TLS, failed request tracing, and performance tuning.
Drive observability of the Windows estate: event log strategy, performance baselines, CloudWatch metrics & alarms, Grafana dashboards.
Author runbooks, SOPs, and knowledge base articles to codify operational standards.
Participate in ITIL incident, problem, and change management; act as senior on-call escalation.
Essential Skills & Experience
Windows Server & Microsoft Infrastructure (Primary)
7+ years operating Windows Server in production, with deep hands-on experience on Windows Server 2019 and above.
Active Directory at depth: forest/domain design, replication, FSMO roles, trusts, sites & services, schema, tombstone & recovery.
Group Policy at scale: design, troubleshooting (RSoP, gpresult), security baselines, WMI filtering.
IIS at depth: site & app pool configuration, ARR, URL Rewrite, SSL/TLS, failed request tracing, performance tuning.
DNS, DHCP, WSUS, and Active Directory Certificate Services (AD CS) – real operational experience.
Advanced PowerShell: scripting, modules, remoting, error handling, automation patterns, DSC familiarity.
Windows patching at scale: planning, deployment, rollback, and troubleshooting in regulated environments.
Windows performance troubleshooting: PerfMon, ETW, memory dump analysis, IIS request diagnostics.
Identity & Authentication
Hybrid identity: AD on-prem ↔ cloud, Entra ID (Azure AD) Connect / federation, AD FS.
SAML 2.0, OIDC, OAuth 2.0, Kerberos, LDAP, MFA – practical implementation and troubleshooting.
Certificate management and PKI in enterprise Windows environments.
AWS Hosting Platform (Operational Competence)
Day-to-day comfort operating Windows workloads in AWS: EC2, EBS, VPC, IAM, Route 53, CloudWatch.
AWS Systems Manager for Windows fleet management: Patch Manager, Session Manager, Run Command, State Manager, Parameter Store.
AWS Directory Service / Managed Microsoft AD / AD Connector.
Note: Deep AWS architect-level expertise is not required. We hire for Windows depth; the cloud layer is the platform, and we expect strong fundamentals plus willingness to grow.
Service Operations & Remote Working
Strong ITIL grounding: incident, problem, change, and service lifecycle management.
Prior experience in an MSP or shared-services environment – multiple client estates managed under SLA.
Advanced / fluent professional English, written and spoken.
Reliable, distraction-free home office with stable broadband (100 Mbps+ recommended), reliable power, and a professional video setup.
Ability to work New York-aligned hours consistently, with the same presence and responsiveness as an office-based colleague.
Working Hours, Remote Setup & Engagement
This role is 100% remote and 100% individual contributor. To match the responsiveness of an office-based engineer:
Working hours: You will operate aligned to New York business hours (08:30–17:30 ET). Typical Brazil hours: 09:30–18:30 BRT during EDT (US summer) and 10:30–19:30 BRT during EST (US winter). You must be online, responsive, and actively engaged throughout core hours, the same as if you were sat with the team in the office.
Home office: Quiet, ergonomic workspace with stable broadband (100 Mbps+ recommended), reliable power, and a professional video / audio setup. This is not a digital-nomad role.
Engagement model: PJ (Pessoa Jurídica) or via Employer of Record – confirmed during recruitment. Tax, invoicing, and benefits arrangements discussed at offer stage.
Equipment & expenses: Discussed at offer stage.
On-call: Participation in a senior escalation rota for major incidents – compensated in line with policy.
Equal Opportunities Statement
At Gresham, we are committed to building a diverse and inclusive workforce that reflects the communities we serve. We actively encourage applications from individuals of all backgrounds and are dedicated to providing a workplace where everyone feels valued, respected and supported.
We make employment decisions based on merit, skills and potential, and do not discriminate based on any protected characteristic. We are also committed to making reasonable adjustments throughout the recruitment process and employment lifecycle.