System Administrator, IT Services (Cloud, Network, & Security) in Calabasas, California at AmaWaterways, LLC

At AmaWaterways, we believe meaningful careers begin with purpose, passion and a shared commitment to delivering unforgettable experiences. For those who value curiosity, connection and personal enrichment, AmaWaterways offers the opportunity to help craft meaningful river journeys that invite travelers to follow their own current. Built on a foundation of heartfelt hospitality, we treat our guests—and each other—with genuine care, warmth and respect. AmaWaterways fosters a collaborative environment both onboard our ships and across our global network of offices, where team members grow together, support one another and take pride in upholding the high standards and thoughtful service our company is known for.

We invite talented, motivated professionals to explore our career opportunities and begin their journey with AmaWaterways today.

SUMMARY: The System Administrator, IT Services is a hands-on infrastructure role with a primary emphasis on cloud administration, network administration, and security from the system-administration side. The position is responsible for administering and securing AmaWaterways’ Microsoft Azure and AWS environments, Cisco-based network infrastructure, and identity, endpoint, and server security posture — while also supporting the broader environment, including VMware virtualization, Citrix Cloud applications and virtual desktops, Microsoft 365 and Active Directory / Entra ID, and 8x8 telephony. Reporting to the Manager, System Administration (Mynard Fontillas), this role keeps AmaWaterways’ employees productive and protected across the Calabasas headquarters and global offices, combining deep technical work with strong customer service, clear documentation, and close partnership with the rest of IT and Security.

DUTIES AND RESPONSIBILITIES:

Cloud Administration (Primary Focus)

• Serve as a primary administrator for AmaWaterways’ Microsoft Azure and Amazon Web Services (AWS) environments, including provisioning and lifecycle management of virtual machines/EC2 instances, storage, and platform services.
• Administer cloud identity and access management — Microsoft Entra ID (Azure AD), Azure RBAC, AWS IAM users/roles/policies — applying least-privilege principles and managing federation and single sign-on.
• Configure and maintain cloud networking constructs (VNets/VPCs, subnets, route tables, network security groups, security groups, VPN/ExpressRoute/Direct Connect, and load balancers).
• Monitor cloud cost, utilization, and capacity; identify rightsizing and optimization opportunities; and support tagging, budgeting, and chargeback/showback reporting.
• Implement and maintain cloud backup, snapshot, and disaster-recovery configurations across Azure and AWS workloads, and perform periodic recovery testing.
• Support cloud governance and configuration baselines using native tooling (Azure Policy, Microsoft Defender for Cloud, AWS Config/Security Hub) and assist with infrastructure-as-code and automation where applicable.

Network Administration (Primary Focus)

• Administer Cisco network infrastructure — switches, routers, and wireless — including VLANs, trunking, port configuration, basic routing and switching, and firmware/IOS updates across the Calabasas headquarters and remote offices.
• Administer firewalls, VPN, and remote-access connectivity; manage site-to-site and client VPN tunnels and support secure connectivity between offices, data center/colo, and cloud.
• Manage core network services (DNS, DHCP, NTP) and Wi-Fi infrastructure, including SSID configuration, controller management, and wireless performance troubleshooting.
• Monitor network health, performance, and availability using monitoring/alerting tools; investigate and resolve connectivity, latency, and throughput issues, escalating to vendors/MSPs for changes that exceed the role’s scope.
• Maintain network documentation — topology diagrams, IP address management (IPAM), VLAN and firewall rule inventories — and keep configuration backups current.
• Support telephony and contact-center networking for 8x8 (QoS, SIP/RTP traffic, and call-quality troubleshooting) in partnership with the voice platform.

Security Administration (Primary Focus)

• Apply system-administration security practices across cloud, network, server, and endpoint layers — hardening configurations, enforcing least-privilege access, and maintaining secure baselines.
• Administer multi-factor authentication, Conditional Access, and identity-protection policies in Microsoft Entra ID; review privileged access and support access certifications/reviews.
• Operate and maintain endpoint and server protection (EDR/AV), disk encryption (BitLocker/FileVault), and patch/vulnerability remediation in accordance with the IT security and patch-management standards.
• Support email and collaboration security (anti-phishing, anti-spam, safe links/attachments) and assist with triage and remediation of phishing, impersonation, and account-compromise incidents.
• Monitor security alerts and logs across Microsoft Defender, cloud-native security tooling, and network devices; investigate, document, and escalate suspected incidents.
• Assist with vulnerability scanning, remediation tracking, and security configuration reviews; contribute to security audits, evidence gathering, and policy/standard compliance.
• Partner with leadership and any third-party security providers (MSP/MSSP) on incident response, threat containment, and continuous-improvement initiatives.

Infrastructure & End-User Support (Supporting Responsibilities)

• Administer and maintain the on-premises VMware vSphere environment (ESXi hosts, vCenter), including virtual machine provisioning, storage management, host patching, and performance troubleshooting.
• Administer the Citrix Cloud environment, including published applications and virtual desktops (Citrix DaaS / Virtual Apps and Desktops), delivery groups, machine catalogs, image updates, and end-user session troubleshooting.
• Administer Microsoft 365 services (Exchange Online, Microsoft Teams, SharePoint Online, OneDrive), including mailbox, distribution-list, license, and collaboration management.
• Administer Active Directory and on-premises identity services — users, groups, organizational units, Group Policy, DNS, and DHCP — including hybrid synchronization with Entra ID.
• Provision, patch, monitor, and maintain Windows Server and select Linux servers, both on-premises (VMware) and in Azure/AWS, including backup verification.
• Manage Windows and macOS endpoints using Microsoft Intune (or comparable MDM/UEM) — enrollment, compliance and configuration policies, software deployment, and remote remediation — and administer iOS/Android mobile devices.
• Provide Tier 2/Tier 3 support to AmaWaterways employees, working escalations and tickets through the ITSM ticketing system to resolution within agreed SLAs.
• Own IT onboarding and offboarding: account creation, license and access assignment, virtual desktop entitlements, equipment provisioning/imaging, and timely deprovisioning.
• Maintain accurate IT asset and licensing records (hardware, software, cloud) and manage decommissioning in accordance with data-sanitization policy.
• Coordinate with vendors and managed service providers (Microsoft, AWS, Cisco, VMware/Broadcom, Citrix, 8x8, Dell, Lenovo, Apple, ISPs) for procurement, support cases, and field work.
• Document procedures, runbooks, and knowledge-base articles; keep documentation current as the environment evolves.
• Participate in IT projects (cloud migrations, network upgrades, security rollouts, virtualization/VDI initiatives, hardware refreshes, and telephony migrations) under the direction of the Manager, System Administration.
• Participate in an after-hours on-call rotation for critical IT incidents, as required.
• Performs other related duties as assigned by management.

SUPERVISORY RESPONSIBILITIES:

• This is an individual contributor role with no direct reports.
• May provide informal guidance and knowledge transfer to Help Desk staff, contractors, or interns assigned to IT Services projects.
• Carries out responsibilities in accordance with the organization’s policies and applicable laws.

QUALIFICATIONS:

• Associate’s or Bachelor’s Degree in Information Technology, Computer Science, Information Systems, Cybersecurity, or a related discipline, or equivalent combination of education and experience.
• Industry certifications strongly preferred, such as: Microsoft Certified: Azure Administrator Associate (AZ-104) and/or Azure Security Engineer Associate (AZ-500); AWS Certified SysOps Administrator or Solutions Architect – Associate; Cisco CCNA; CompTIA Security+, Network+, and/or CySA+; Microsoft Identity and Access Administrator Associate (SC-300) or Security Operations Analyst Associate (SC-200); ITIL 4 Foundation.
• Computer skills required: Microsoft Azure and AWS administration (compute, storage, identity, networking, security/governance tooling); Cisco switching, routing, wireless, and VPN; firewalls and network segmentation; Microsoft Entra ID / Azure AD and Active Directory (incl. Conditional Access and MFA); endpoint and email security (EDR/AV, Microsoft Defender, encryption); SIEM/log monitoring; VMware vSphere (ESXi, vCenter); Citrix Cloud / Virtual Apps and Desktops (DaaS); Microsoft 365 administration; Windows Server and basic Linux; Microsoft Intune (or comparable MDM/UEM); 8x8 telephony; PowerShell and Azure/AWS CLI scripting; ITSM ticketing systems; Microsoft Office Suite; and modern AI-assisted productivity tooling.
• Other skills required:
• 3–6 years of professional experience in system administration with a demonstrated focus on cloud, network, and/or security administration.
• Hands-on experience administering Microsoft Azure and AWS, including compute, storage, identity (Entra ID / IAM), and cloud networking.
• Working knowledge of cloud security and governance tooling (Microsoft Defender for Cloud, Azure Policy, AWS Security Hub/Config) and least-privilege access models.
• Hands-on experience administering Cisco networking — switching, routing, wireless, VLANs, and VPN — with the ability to configure devices and troubleshoot independently.
• Working knowledge of firewalls, network segmentation, and secure connectivity between on-premises, data center/colo, and cloud environments.
• Experience with security operations from a sys-admin perspective: MFA/Conditional Access, EDR/AV, encryption, patch and vulnerability management, and phishing/incident triage.
• Familiarity with SIEM/log monitoring and Microsoft Defender (Endpoint, Identity, Office 365) or comparable tooling.
• Hands-on experience administering Microsoft 365 and Active Directory / Entra ID, including hybrid identity, in a corporate environment.
• Working knowledge of VMware vSphere (ESXi/vCenter) and Citrix Virtual Apps and Desktops (DaaS).
• Working knowledge of Windows Server administration (AD, Group Policy, DNS, DHCP, file/print) and basic Linux administration.
• Proficiency with PowerShell scripting (and familiarity with Azure CLI/AWS CLI or infrastructure-as-code) for administration and automation.
• Familiarity with backup and recovery tooling (Veeam, Microsoft 365 backup, cloud-native snapshots, or equivalent).
• Familiarity with ITIL processes (incident, request, problem, change, asset, knowledge management).
• Strong customer-service orientation, with the ability to communicate clearly with non-technical employees and executives.
• Strong written communication skills, with the ability to document architecture, procedures, runbooks, and knowledge-base articles.
• Strong organizational skills and attention to detail, with the ability to manage multiple priorities in parallel.
• Ability to lift and move IT equipment (up to 25 lbs frequently, up to 50 lbs occasionally with assistance) for equipment setup, office moves, and equipment-room work.
• Hospitality, travel, cruise, or comparable customer-experience industry exposure is a plus but not required.
• Familiarity with audiovisual and meeting-room technology (Microsoft Teams Rooms) is a plus.

COMPETENCIES:

• Ethics - Treats people with respect; Keeps commitments; Inspires the trust of others; Works with integrity and ethically; Upholds organizational values.
• Adaptability - Adapts to changes in the work environment; Manages competing demands; Changes approach or method to best fit the situation; Able to deal with frequent change, delays, or unexpected events.
• Customer Service - Manages difficult or emotional customer situations; Responds promptly to customer needs; Solicits customer feedback to improve service; Responds to requests for service and assistance; Meets commitments.
• Quality - Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality.

PHYSICAL DEMANDS AND WORK ENVIRONMENT:

• Occasionally required to stand
• Occasionally required to walk
• Continually required to sit
• Continually required to utilize hand and finger dexterity
• Occasionally required to climb, balance, bend, stoop, kneel or crawl
• Frequently required to talk or hear
• Frequently required to lift and/or move up to 25 pounds (computers, monitors, networking equipment, peripherals)
• Occasionally required to lift and/or move up to 50 pounds with assistance (servers, UPS units, larger equipment)
• While performing the duties of this job, the noise level in the work environment is usually moderate; occasional exposure to higher noise levels in server/equipment rooms
• Specific vision abilities required by this job include Close Vision and Color Vision (for cable and indicator identification)

The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities, or physical requirements. Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.