Job Description (JD) - Resident Engineer (Air‑Gapped Enclave Ops)
Job Title - Resident Engineer - Air‑Gapped Enclave Operations (Network + Systems + Security Controls)
Experience
3–5 years (Infrastructure / Network / Security Operations)
Location / Mode
Onsite (Resident) - Air‑Gapped Enclave / Command Centre + Server Room
Shift / Availability - 24×7 shift operations (rotational)
· Includes weekends/holidays as per roster
· Handover required at every shift change
· On-call escalation support during critical incidents as per process
Reporting To - Head of IT / IT Infrastructure & Security Lead
Role Purpose
Operate and maintain the air‑gapped enclave end-to-end (Sanitization Station/BTS + enclave network + servers + storage + workstation connectivity) ensuring:
· No live external/corporate/internet network link into the enclave
· Strong segmentation (default deny) and controlled access
· Repeatable sanitized transfer process with evidence
· High availability for analysis users across 24×7 operations
Environment (high level)
Air‑gapped enclave with Dell PowerEdge servers, HPE MSA 2070 storage (iSCSI), Aruba switching, and FortiGate segmentation firewall; BTS-based data transfer (no live external connectivity).
Key Responsibilities
1) 24×7 Operations (Run & Maintain)
· Monitor health and availability of enclave infrastructure: switches, segmentation firewall, servers, storage, and key enclave services.
· Perform routine checks and maintain daily/shift-wise checklist records.
· Own shift handover: status, incidents, changes, pending actions, risks.
· Troubleshoot user issues: analysis workstation connectivity, server access, storage access.
· Maintain an incident log and follow the escalation matrix.
2) Network & segmentation controls (mandatory)
· Maintain VLAN segmentation as per design (Admin/Mgmt, User/Compute, Server/Infra, Storage/iSCSI, Printers/IoT, Handheld).
· Ensure default deny inter‑VLAN posture; implement allow rules only with approval and logging.
· Maintain FortiGate segmentation configuration: VLAN interfaces, policies, logging, backups.
· Maintain Aruba CX switching: VLANs, trunks, port mappings, shutdown unused ports, configuration backups.
3) Sanitization Station (BTS) operations (air‑gap enforcement)
· Execute and enforce BTS sanitization SOP for all inbound/outbound transfers.
· Maintain manifest and SHA‑256 hash evidence per transfer.
· Ensure sanitization machines meet scanning requirements (Defender + approved second engine) and offline signature update workflow.
· Ensure strict separation: no dual-homing, no cross-connect, and no “temporary” network links into the enclave.
4) Endpoint hardening & physical security controls
· Ensure enclave endpoints comply with build controls: Wi‑Fi/Bluetooth disabled, USB/port controls (exceptions log), disk encryption as per standard.
· Maintain asset inventory, labels, and approved removable media tracking.
· Coordinate with facilities/physical security for restricted access to server room and racks (as per site policy).
5) Storage & server operations (basic ops + coordination)
· Monitor Dell PowerEdge server health (iDRAC), firmware status, and coordinate planned maintenance.
· Monitor HPE MSA 2070 (iSCSI): controller health, disk health, capacity, alerts; coordinate vendor support if needed.
· Validate iSCSI connectivity hygiene: correct VLAN usage, redundancy, and basic multipath awareness (as applicable).
6) Logging, backup, and evidence
· Maintain central logging inside the enclave (syslog/event forwarding as applicable); perform basic review and escalation.
· Ensure config backups for firewall/switches; ensure scheduled backups and periodic restore tests (as defined).
· Maintain documentation: as-built diagrams, cable schedule, port maps, network policy summary, and change logs.
7) Vendor / stakeholder coordination
· Coordinate with installation/cabling vendors for fixes/expansions.
· Support audits/inspections with evidence pack and attestations as required.
Deliverables / Success Measures
· Zero live network connectivity from enclave to corporate/internet (validated by tests).
· Segmentation remains intact: default deny inter‑VLAN; all exceptions documented and logged.
· BTS transfers are auditable: manifest + hashes + scan logs per transfer.
· Accurate shift handover + reduced repeat incidents.
· Up-to-date documentation (diagrams + configs + inventories).
Required Skills (Must-have)
· 3–5 years hands-on experience in Network/System Operations.
· VLANs, trunking, switching fundamentals; basic firewall concepts.
· Comfortable working in a 24×7 shift environment with strict SOPs and documentation.
· Strong troubleshooting and communication.
Preferred Skills
· FortiGate + Aruba CX familiarity.
· Dell iDRAC basics; HPE MSA basics; iSCSI concepts.
· Exposure to audit/evidence-driven operations.