The Windows Systems Administrator is a senior-level technical role responsible for the design, deployment, configuration, security, and ongoing management of enterprise Windows server infrastructure. This position serves as a subject matter expert across Microsoft and third-party tooling, driving operational excellence and compliance alignment across all platforms.
KEY TECHNOLOGIES & PLATFORMS
Candidates must demonstrate hands-on proficiency with the following platforms:
Windows Server 2016/2019/2022
Active Directory / Entra ID
Microsoft SCCM / MECM
Microsoft Exchange / Exchange Online
Microsoft 365 / O365
Azure IaaS / PaaS / Hybrid
MS SQL Server
ManageEngine Suite
Qualys VMDR
Windows Server Update Services
PowerShell / Scripting
Group Policy (GPO)
SUMMARY OF RESPONSIBILITIES
The Windows Systems Administrator will be responsible for end-to-end lifecycle management of Windows-based infrastructure across on-premises, hybrid, and cloud environments. Core responsibilities include:
Server Configuration & Deployment
Plan, provision, and configure physical and virtual Windows Server environments (2016, 2019, 2022) in accordance with organizational standards and security baselines (CIS / STIG).
Develop and maintain gold image / baseline templates for rapid and repeatable server deployment using SCCM task sequences, WDS, and MDT.
Manage server hardware lifecycle including firmware updates, BIOS configuration, RAID, and storage provisioning.
Perform post-deployment hardening, role/feature configuration, and integration validation for all new server builds.
Document all build configurations, standards, and change records per ITIL-aligned change management procedures.
Windows Patching & Update Management
Own and operate the enterprise Windows patching program using SCCM / MECM and WSUS, ensuring timely patch deployment across all server and endpoint tiers.
Define and enforce patch compliance SLAs by environment (production, staging, development) aligned with organizational policy and regulatory requirements.
Integrate Qualys VMDR scanning data to validate remediation status, prioritize critical CVEs, and produce executive-level compliance dashboards.
Manage patch rings, maintenance windows, and rollback procedures to minimize production impact.
Collaborate with application teams to test and validate patches in pre-production environments prior to production release.
Active Directory & Microsoft Entra ID (Azure AD)
Administer and architect Active Directory Domain Services (AD DS), including domain/forest design, trust relationships, site topology, and replication.
Manage and enforce Group Policy Objects (GPOs) for security baselines, software delivery, and user/computer configuration.
Administer and extend Microsoft Entra ID (formerly Azure Active Directory), including hybrid identity with Azure AD Connect, Conditional Access policies, MFA, and SSPR.
Manage identity lifecycle including user/group provisioning, deprovisioning, role assignments, and privileged identity management (PIM).
Perform regular AD health assessments, cleanup, and security audits including stale object remediation and privileged account reviews.
Microsoft SQL Server
Install, configure, and administer Microsoft SQL Server instances (2016–2022) in standalone and high-availability configurations (Always On AG, FCI, log shipping).
Manage SQL security, database maintenance plans, backup/restore strategies, and performance monitoring.
Coordinate with DBAs and application owners on patching, capacity planning, and SQL Server version upgrades.
Apply SQL Server CUs and security patches in alignment with the enterprise patching schedule.
SCCM / Microsoft Endpoint Configuration Manager (MECM)
Administer the full SCCM / MECM hierarchy including site servers, distribution points, management points, and software update points.
Manage application packaging, deployment, software inventory, and hardware inventory across the enterprise.
Build and maintain OS deployment (OSD) task sequences for automated Windows imaging and zero-touch provisioning (ZTP).
Configure compliance baselines, configuration items (CIs), and reporting to ensure endpoint conformance.
Integrate SCCM with Intune (co-management) for hybrid endpoint management strategies.
ManageEngine Suite
Administer ManageEngine products relevant to infrastructure management, including Desktop Central / Endpoint Central, ServiceDesk Plus, ADManager Plus, and/or OpManager as applicable.
Configure and maintain automated patch deployment, remote management, and endpoint compliance workflows within ManageEngine.
Integrate ManageEngine tooling with ITSM processes for incident, problem, and change management.
Generate operational reports and dashboards to support SLA tracking and audit readiness.
Qualys Vulnerability Management
Manage the Qualys VMDR platform, including scanner appliance deployment, asset tagging, scan scheduling, and authenticated scanning configuration for Windows assets.
Triage, prioritize, and assign vulnerability findings to appropriate remediation owners based on CVSS scoring and business impact.
Track and report remediation SLA compliance; escalate overdue items per organizational policy.
Participate in vulnerability review boards and produce monthly/quarterly risk posture reports for IT leadership and security teams.
System Configuration Management
Define, maintain, and enforce Windows configuration baselines using Group Policy, SCCM Compliance Settings, and/or Azure Policy.
Utilize infrastructure-as-code (IaC) and PowerShell DSC for automated and repeatable configuration enforcement.
Maintain configuration management database (CMDB) accuracy with up-to-date server inventory, roles, dependencies, and ownership.
Conduct periodic configuration drift reviews and remediate non-compliant assets.
Microsoft Exchange & Exchange Online
Administer on-premises Microsoft Exchange (2016/2019) environments including DAG configuration, mailbox management, transport rules, and connectors.
Manage Exchange Online (Microsoft 365) administration including recipient management, shared mailboxes, distribution groups, mail flow, and anti-spam policies.
Plan and execute Exchange hybrid migrations and cutover migrations to Exchange Online using the Microsoft Hybrid Configuration Wizard.
Troubleshoot mail flow, delivery failures, and client connectivity issues across on-premises and cloud Exchange environments.
Administer Exchange certificates, namespaces, and Autodiscover configurations.
Microsoft 365 / O365 Administration
Administer Microsoft 365 tenant-level settings including licensing, security & compliance policies, DLP, retention, and eDiscovery.
Manage Microsoft Teams, SharePoint Online, OneDrive for Business, and related collaboration workloads.
Configure and monitor Microsoft 365 Defender (formerly ATP), Safe Attachments, Safe Links, and anti-phishing policies.
Administer Intune for mobile device management (MDM) and mobile application management (MAM) across Windows, iOS, and Android endpoints.
Monitor M365 service health, licensing utilization, and usage analytics via the M365 Admin Center and Microsoft 365 Defender portal.
Microsoft Azure (Hybrid & Cloud Infrastructure)
Design and administer Azure IaaS resources including Virtual Machines, Virtual Networks (VNets), NSGs, Load Balancers, Azure Bastion, and Storage Accounts.
Manage Azure hybrid connectivity including Azure VPN Gateway, ExpressRoute, and Azure Arc for on-premises server management.
Administer Azure Policy, RBAC, and Microsoft Defender for Cloud to enforce governance, compliance, and cloud security posture.
Implement and manage Azure Backup, Azure Site Recovery (ASR), and Azure Monitor for hybrid business continuity and observability.
Maintain Azure cost governance through tagging strategies, budget alerts, and resource lifecycle management.
REQUIRED QUALIFICATIONS
Bachelor's degree in Computer Science, Information Technology, Information Systems, or a closely related field; equivalent experience accepted in lieu of degree.
Minimum of 5 years of hands-on experience administering enterprise Windows Server environments (2016/2019/2022).
Demonstrated expertise across Active Directory, Group Policy, DNS, and DHCP administration at enterprise scale.
Strong operational experience with SCCM / MECM including OSD, software distribution, and software update management.
Proven experience managing Microsoft Exchange on-premises and/or Exchange Online in a production environment.
Working knowledge of Microsoft 365 administration including Exchange Online, Teams, SharePoint, and Intune.
Experience with Azure IaaS, hybrid identity (Entra ID / AAD Connect), and Azure administration fundamentals.
Proficiency in PowerShell scripting for automation, bulk operations, and infrastructure management.
Experience with vulnerability management tools, preferably Qualys VMDR, including scan configuration and remediation tracking.
Strong understanding of IT security principles, patch management, and configuration hardening (CIS Benchmarks / DISA STIGs).
PREFERRED QUALIFICATIONS
Microsoft certifications: AZ-104 (Azure Administrator), MS-102 (M365 Administrator Expert), MD-102 (Endpoint Administrator), or equivalent.
Experience with Microsoft SQL Server administration in HA/DR configurations.
Hands-on experience with ManageEngine Desktop Central / Endpoint Central or ServiceDesk Plus.
Familiarity with ITIL processes; ITIL 4 Foundation certification preferred.
Experience with co-management (SCCM + Intune) and modern device management strategies.
Knowledge of enterprise networking concepts: VLANs, routing, firewall rules, and proxy configurations.
Experience with VMware vSphere or Microsoft Hyper-V in enterprise virtualization environments.
Exposure to infrastructure-as-code tools (Terraform, Bicep, ARM templates) for Azure resource management.
PHYSICAL & WORK ENVIRONMENT REQUIREMENTS
Ability to work in both office and data center environments, including server room conditions (temperature, noise, standing).
Occasional lifting of equipment up to 50 lbs (rack-mount servers, UPS units, network hardware).
Availability for on-call rotation to respond to Severity 1/2 infrastructure incidents outside standard business hours.
Ability to work extended hours during planned maintenance windows, system migrations, or incident response events.
COMPLIANCE & SECURITY NOTICE
This role operates with elevated administrative privileges across critical enterprise systems. All candidates are subject to background screening, reference verification, and annual security awareness training. Employment is contingent upon adherence to all applicable IT security policies, acceptable use policies, and data protection regulations (e.g., HIPAA, SOX, PCI-DSS, GDPR as applicable to organizational scope). Unauthorized access, data exfiltration, or misuse of administrative privileges will result in immediate termination and potential legal action.
This job description is intended to convey the general nature and scope of responsibilities. It is not an exhaustive list of all duties, and the organization reserves the right to modify responsibilities in response to business needs.