JobTarget Logo

Systems Administrator - Tier II in Centennial, Colorado at Yield Solutions Group Inc

NewHot JobSalary: $75000 - $100000Job Function: Information Technology
Yield Solutions Group Inc
Centennial, Colorado, 80112, United States
Posted on
New job! Apply early to increase your chances of getting hired.

Explore Related Opportunities

Job Description

Systems Administrator – Tier II

Location: Centennial, CO (In-Office) Company: Yield Solutions Group Reports to: IT Manager

---

The Opportunity

RefiJet processes thousands of auto loan refinancing applications every month across 30+ lending partners. That volume runs on Java Spring Boot services, AWS infrastructure, PostgreSQL and MariaDB databases, and a regulatory environment — FCRA, GLBA, SOC 2 — that requires every change to be documented, every endpoint to be compliant, and every access decision to be defensible.

The Systems Administrator, Tier II is the operational layer that holds all of that together. This is a senior individual contributor role, not a generalist help desk function. Tier I handles first-contact triage. Tier II owns what Tier I cannot resolve: stuck MFA enrollments, IAM role misconfigurations in AWS, permission conflicts in GitLab, and anything else that requires genuine diagnosis before escalation. At the same time, Tier II owns several operational domains outright — identity and access management, endpoint compliance, backup verification, monitoring response, and the documentation that survives a SOC 2 audit.

The person in this role needs to be technically grounded, documentation-disciplined, and comfortable working in a regulated environment where "I'll document that later" is not an option.

---

What You'll Do – Key Responsibilities

Identity & Access Management

· Provision and deprovision user accounts across Active Directory, AWS IAM, and the full RefiJet SaaS stack. When a new employee onboards you build out the complete access profile, not just the basic account.

· Resolve Tier I escalations in this domain: stuck MFA enrollments, IAM role misconfigurations, permission conflicts in GitLab, and access inconsistencies that require actual investigation to diagnose.

· Maintain access documentation that reflects current state at all times. In a SOC 2 environment, access records are audit evidence.

Endpoint & Device Management

· Image, configure, and manage workstations across the organization using Microsoft Intune and Autopilot. Own the full device lifecycle from Autopilot enrollment and provisioning profile assignment through Intune configuration policy application, compliance policy enforcement, and patch cycle execution — scheduling, documentation, and remediation included.

· Verify endpoint compliance against SOC 2 control requirements using Intune's compliance reporting. When a gap surfaces — and SOC 2 audits surface them — you own the remediation and the written record of what you did. Troubleshoot Autopilot enrollment failures and Intune policy conflicts before they require escalation.

· Coordinate with the Director of IT/InfoSec on endpoint policy standards and any findings that require a policy-level response.

Server & Infrastructure Operations

· Monitor on-prem and AWS resources on a routine basis: health checks, capacity monitoring, performance baselines.

· Execute maintenance windows, including OS patching, disk management, and scheduled restarts. Coordinate with DevOps before touching anything that sits under the Java Spring Boot services running in AWS.

· Document all infrastructure changes in a change log that can be reviewed without your presence to explain it.

Network & Connectivity

· Manage DNS and DHCP configurations. Troubleshoot VPN issues at the routing and configuration level, not just the client level. Review firewall ACLs when connectivity issues require it.

· When an issue requires DevOps or InfoSec escalation, hand it off with a clear, specific problem statement — what you've ruled out, what you believe the root cause is, what you've already tried.

Security Operations

· Participate in vulnerability remediation cycles under the direction of the Director of IT/InfoSec. This means executing the operational work: patching, configuration changes, verification, and documentation.

· Work with the DevOps team to respond to Datadog alerts that are security-adjacent with the same operational rigor as any other alert: acknowledge, work the runbook, escalate with context when the runbook doesn't resolve it.

· Enforce endpoint compliance policies in a way that holds up against FCRA, GLBA, and SOC 2 requirements. The Director of IT/InfoSec owns the strategy; this role is the operational execution arm.

Application & SaaS Administration

· Administer the full productivity and collaboration stack at the admin level: GitLab, AWS console access management, and the line-of-business applications that support the loan processing pipeline.

· Handle backend configuration changes that end users never see — permission structures, integration settings, SSO configurations, license management — and document every change.

· Serve as the internal subject matter contact for admin-level issues on the platforms you own. When something breaks in a way users cannot fix themselves, it comes here.

Backup & Recovery

· Verify that backup jobs completed successfully across all covered systems. Identify and respond to failures before they become recovery events.

· Work with the DevOps team to run scheduled restore tests against PostgreSQL and MariaDB instances connected to live lender data. Document the results in a format that demonstrates the test was actually performed and the restore was actually validated.

· Maintain recovery documentation that is current and tested, not aspirational.

Monitoring & Alerting

· Own the operational response side: acknowledging alerts, working through established runbooks, and escalating with full context when escalation is warranted.

· Contribute to runbook maintenance when gaps or inaccuracies are identified. You are not building the observability stack — that is DevOps — but you are its primary operational consumer, and that means you have standing to flag when it needs improvement.

Documentation

· Maintain runbooks, SOPs, and change logs for every operational domain you own. This is not supplemental work — it is a core deliverable in a SOC 2 environment.

· Write documentation that a colleague or auditor can follow independently, without asking you clarifying questions. Ambiguous documentation in a regulated environment is a liability.

Escalation Triage

· Receive everything Tier I cannot resolve. Diagnose it accurately. Either resolve it or escalate it — to DevOps, InfoSec, or a vendor — with a specific, well-documented problem statement.

· The standard here is clean handoff, not necessarily full resolution. Passing a vague ticket upward is not an acceptable outcome at any escalation level.

---

Required Skills & Experience

· 3+ years in a systems administration role, with clear Tier II or higher responsibilities (not just Tier I volume with a different title)

· Active Directory administration: user and group management, group policy, troubleshooting authentication and access issues in Windows-based environments

· Microsoft Intune: configuration policy management, compliance policy enforcement, device enrollment, and the compliance reporting that SOC 2 audits require

· Microsoft Autopilot: deployment profile creation and assignment, enrollment troubleshooting, and hardware provisioning workflows for new and replacement devices

· AWS IAM at an operational level: creating and managing roles, policies, and users; identifying and resolving access misconfigurations; understanding how IAM interacts with services running in the environment

· Datadog or equivalent monitoring platform: alert acknowledgment, runbook execution, escalation workflows, and enough observability literacy to know when an alert is noise versus signal

· Network fundamentals applied in practice: DNS and DHCP configuration management, VPN troubleshooting beyond the client layer, firewall ACL review, routing concepts sufficient to diagnose and describe connectivity issues accurately

· Backup and recovery: hands-on experience verifying job completion, executing restore tests, and documenting results for production database environments

· GitLab or equivalent DevOps platform administration at the admin level — not just as a user

· SOC 2 operational familiarity: what documentation compliance looks like in practice, what an auditor expects, and how to build habits that hold up under review

· Written communication that produces clear, self-contained runbooks and change logs — not notes that only make sense if you wrote them

---

Nice to Have

The following are not requirements, but candidates who bring any of these will have a shorter ramp to full operational impact.

· Experience with auto lending, auto refinancing, or consumer credit products.

· Familiarity with loan origination systems (LOS), credit decisioning, or lending infrastructure.

· Experience working with external partners or B2B clients in a product-led organization.

---

Compensation & Benefits

Base Salary: $80,000 - $100,000 annually, commensurate with experience

Bonus: Performance-based incentives tied to company and individual goals

Benefits: Comprehensive benefits including health, dental, vision, life insurance, 401(k), PTO, career development opportunities, and the chance to join Denver's Best Place to Work (2024 & 2025) with a dynamic culture focused on internal promotion and employee growth.

---

Equal Opportunity Statement

Yield Solutions Group is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants.

Job Location

Centennial, Colorado, 80112, United States

Frequently asked questions about this position

Similar Jobs In Centennial, Colorado

Network Engineer Principal (TS/Q clearance required)

General Dynamics Information Technology
Denver, Colorado

Tier 3 System Administrator - TS/SCI with Polygraph

General Dynamics Information Technology
Aurora, Colorado

Sr Network & Systems Engineer

Craig Hospital
Englewood, Colorado

Field Technician Support Lead

COMTECH TELECOMMUNICATIONS
Broomfield, Colorado

Data Warehouse Analyst I

Craig Hospital
Englewood, Colorado

Apply NowYour application goes straight to the hiring team