Back to jobs
Job Description
Senior Systems Engineer
About CanCap
CanCap Group delivers fully managed programs for third-party financial institutions. We are hiring a Senior Systems Engineer to design, automate, and operate the core infrastructure our business runs on, and to help raise the engineering bar across the team.
You will join a focused infrastructure team responsible for hybrid identity, cloud, network, endpoint, and the automation that ties them together. The role combines architecture and engineering with hands-on Tier-3 ownership of the systems you build.
Key Responsibilities
- Design and evolve hybrid infrastructure across Google Cloud Platform and Azure: identity, networking, security controls, monitoring, and cost.
- Own networking and routing end to end - design, configure, monitor, and troubleshoot LAN/WAN, IPSec/VPN tunnels, routing, and firewall policy.
- Build and maintain automation and platform integrations across line-of-business applications using scripting, workflow automation, and infrastructure-as-code.
- Ensure the endpoint fleet is reliably and securely managed through Intune, Autopilot, and RMM tooling, including patching, configuration baselines, imaging, endpoint security, and access controls.
- Lead Tier-3 escalations and incident response for critical infrastructure failures and outages. Drive issues to resolution and to documented root cause.
- Reduce operational toil through automation, improve reliability and availability, and continuously raise the quality bar on how the environment is run.
- Maintain runbooks, architecture documentation, and knowledge base content for the systems you own.
- Evaluate and adopt emerging technologies like AI-based operations tooling, modern access approaches, and successor patterns to legacy infrastructure, and recommend where they belong in our stack.
- Mentor teammates and partner with help desk, application owners, security, and operations on shared initiatives.
Required Skills & Experience
- 7+ years of hands-on experience in senior systems, or infrastructure engineering roles.
- Good fundamentals across networking and security: routing, switching, LAN/WAN, VPN, IPSec, firewall policy, and PKI.
- Deep expertise in Windows environments: Active Directory (on-premises and hybrid), Windows Server, GPOs, domain trusts, identity management, and Intune.
- Hands-on experience operating hybrid cloud infrastructure on Google Cloud Platform and Azure, including hybrid identity models and conditional access.
- Working fluency with infrastructure-as-code and configuration management (Terraform, Ansible, or equivalent), you build infrastructure as code, not as click-ops.
- Working fluency with monitoring, logging, and observability tooling, and the ability to design alerting that signals real problems.
- Experience in regulated environments (SOC 2, PCI, or equivalent), comfortable working within and contributing to a controls framework.
- Demonstrated ability to work autonomously: scoping problems, choosing an approach, and driving work to production without requiring direction at each step.
- Strong written and verbal communication with technical and business stakeholders, and the ability to document and mentor.
Preferred Skills & Certifications
- Power Platform (Power Apps, Power Automate) for business automation.
- Certifications such as CCNA, CCNP, MS SC-series (Modern Desktop / Enterprise Administrator), Azure/AWS/GCP associate or professional, or PKI/PKCS credentials.
- Experience administering enterprise firewall platforms.
- Telephony, VoIP, or contact center platform experience.
- Familiarity with infrastructure-as-code and orchestration frameworks (Terraform, Ansible).
- Monitoring, logging, and observability tooling.
- IT Service Management exposure and incident/change management frameworks.
- Background in regulated environments (financial services, PCI, SOC 2).
What You’ll Bring to the Team
- Technical Ownership & Accountability. You take full ownership of critical incidents and projects and drive them from inception to a stable, well-documented resolution.
- Autonomy. You operate with minimal direction. You define the problem, scope the solution, and ship it without hand-holding, and you ask for input where it actually matters.
- Proactive & Automation-Minded. You anticipate problems before they become outages and treat repeatable manual work as a defect to be automated away.
- Modern Tech Fluency. You actively track where the industry is going, AI-assisted operations, identity-first security, modern network architectures, and have an informed opinion on what is worth adopting and what is not.
- Business Alignment. You understand that infrastructure exists to support business outcomes and you use that lens to prioritize your work.
- Collaborative Mentor. You lead by example, mentor teammates, and work effectively with cross-functional partners.
Why Join Us
- Broad exposure across network, identity, cloud, endpoint, security, and automation, with measurable impact on how the business runs.
- A genuine engineering role — design and build, not just operate.
- A team that values automation, documentation, reliability, and security.
- A culture of learning, growth, and cross-discipline collaboration.
The Details
Hybrid work structure, 60% in office and 40% remote, subject to business needs. Occasional after-hours work for change windows and major incidents. Successful candidates will pass a criminal background check and employment verification.
Diversity and Inclusion
CanCap Group and our subsidiaries are equal opportunity employers and value diversity. We are committed to building and evolving a team that reflects a variety of backgrounds, perspectives, and skills.