Systems & Cloud Infrastructure Engineer

Company Information Kretek International is America's #1 importer, marketer and distributor of specialty tobacco products, including high-end cigars, tobacco and alternative products, with such well-known brands as Djarum, Cuban Rounds and High Tea Herbal Wraps. Founded 38+ years ago, Kretek continues to grow and consistently seeks talented employees who can help the company do that. For more information, please visit: http://www.kretek.com About the Role We are seeking an experienced Infrastructure Network & Security Engineer to design, implement, and secure our customers' enterprise network infrastructures. This mid-level hybrid engineering position requires 5-7 years of hands-on experience spanning network architecture, implementation, and security operations. The ideal candidate will be a proactive problem-solver who can balance network infrastructure engineering with security monitoring and threat response, working both independently and collaboratively to deliver robust, scalable, and secure network solutions. Key Responsibilities Windows Server Management

• Administer Windows Server (2016/2019/2022): physical and virtualized on VMware vSphere/Horizon

Manage Active Directory:

user/group lifecycle, OUs, Group Policy, DNS, DHCP, and domain trusts

• Oversee file services, DFS, storage management, backup, and recovery
• Drive the server patching and vulnerability remediation cadence
• Plan and execute server migrations, OS upgrades, and decommissions
• Maintain build standards, runbooks, and disaster recovery documentation Microsoft 365 Administration
• Administer the full M365 tenant: users, licenses, roles, and secure offboarding

Manage Exchange Online:

mail flow, connectors, shared mailboxes, and retention policies

Govern Teams and SharePoint:

site provisioning, guest access, permissions, and data retention

• Configure Entra ID (Azure AD): SSO, Conditional Access, identity governance, and Entra Connect

Administer Intune MDM/MAM:

enrollment, compliance policies, configuration profiles, and app deployment

• Use the M365 Security & Compliance Center for DLP, sensitivity labels, and audit monitoring
• Automate administration tasks using PowerShell and Microsoft Graph API Security Operations

Administer Barracuda Email Security:

filtering policies, SPF/DKIM/DMARC, and incident response for email-borne threats

• Monitor and respond to Defender for Endpoint and Intune security alerts
• Enforce endpoint compliance posture and Conditional Access policies
• Conduct regular vulnerability assessments and manage patch remediation
• Maintain SIEM (Splunk or Microsoft Sentinel): detection rules, alert tuning, and escalation
• Run phishing simulations and user security awareness programs
• Apply security frameworks:

NIST CSF, CIS

Controls, Zero Trust principles Network & Infrastructure Support

• Maintain firewalls (SonicWall, Cisco, Fortinet), VPN configurations, and network segmentation (VLANs, ACLs)
• Administer Ubiquiti UniFi wireless — coverage, QoS, channel planning, and guest isolation
• Monitor network health with Auvik; maintain topology documentation
• Support AWS/Azure cloud networking and hybrid connectivity as we migrate workloads to the cloud AWS & Azure Cloud Infrastructure Design and manage cloud networking in AWS and Azure — VPCs/VNets, subnets, route tables, security groups, NACLs/NSGs, and internet/NAT gateways Build and maintain hybrid connectivity between on-premises infrastructure and cloud environments using site-to-site VPN or dedicated circuits (AWS Direct Connect / Azure ExpressRoute) Configure cloud resilience and high availability — multi-AZ deployments, auto-scaling, load balancers, and failover strategies to minimize business risk during cloud outages Provision and manage cloud developer environments securely — IAM roles, least-privilege access, secrets management (AWS Secrets Manager / Azure Key Vault), and cost controls Use infrastructure-as-code (Terraform, CloudFormation, or Bicep) to provision repeatable, auditable cloud resources Monitor cloud workload performance and costs using CloudWatch, Azure Monitor, and budget alerting tools Database & General • Administer on-prem (SQL Server / MySQL / PostgreSQL) and cloud databases (AWS RDS / Azure SQL) • Provision and maintain secure cloud developer environments with proper IAM, networking, and cost controls • Manage IT tickets and projects in Jira; document resolutions for team knowledge sharing • Mentor junior team members and collaborate across IT and business functions Required Qualifications Experience & Education • 5-7 years of progressive experience in network engineering and infrastructure design • Bachelor's degree in IT, Computer Science, or related field preferred Preferred Qualifications • Microsoft certifications: MS-102 (M365 Administrator Expert), AZ-104 (Azure Administrator), SC-300 (Identity & Access), or equivalent • AWS certifications: AWS Solutions Architect Associate, AWS SysOps Administrator, or AWS Cloud Practitioner • Azure certifications: AZ-104 (Azure Administrator), AZ-700 (Azure Network Engineer), or AZ-500 (Azure Security Engineer) • CCNP, CompTIA Security+, Network+, or other relevant certifications • Cloud automation and IaC experience: Terraform, CloudFormation, Bicep, Ansible, or Python (Boto3 / Azure SDK) Professional Skills • Excellent troubleshooting and problem-solving abilities • Strong communication skills for technical and non-technical audiences • Project management experience with infrastructure initiatives • Ability to manage multiple priorities in a fast-paced environment

Physical Requirements:

• Ability to stand and walk.
• Ability to reach above, at, or below waist height
• Ability to kneel, bend, stoop, turn and twist
• Ability to lift 25lb regularly and occasionally up to 50 lbs.

Safety:

• The incumbent must be able to perform this job safely without endangering the health or safety of self or others.

Supervisory Responsibility:

• The position currently has no people supervisory responsibility Please note that this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job.

Duties, responsibilities and activities may change or be added at any time per business needs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Pay:

$110,000.00

• $130,000.

00 per year

Benefits:

401(k) 401(k) matching Dental insurance Employee assistance program Employee discount Flexible spending account Health insurance Life insurance Paid time off Vision insurance

Work Location:

In person Systems & Cloud Infrastructure Engineer 3.5 3.5 out of 5 stars 5449 Endeavour Court, Moorpark, CA 93021 $110,000

• $130,000 a year
• Full-time Kretek International, Inc. 30 reviews $110,000
• $130,000 a year
• Full-time Company Information Kretek International is America's #1 importer, marketer and distributor of specialty tobacco products, including high-end cigars, tobacco and alternative products, with such well-known brands as Djarum, Cuban Rounds and High Tea Herbal Wraps.

Founded 38+ years ago, Kretek continues to grow and consistently seeks talented employees who can help the company do that. For more information, please visit: http://www.kretek.com About the Role We are seeking an experienced Infrastructure Network & Security Engineer to design, implement, and secure our customers' enterprise network infrastructures. This mid-level hybrid engineering position requires 5-7 years of hands-on experience spanning network architecture, implementation, and security operations. The ideal candidate will be a proactive problem-solver who can balance network infrastructure engineering with security monitoring and threat response, working both independently and collaboratively to deliver robust, scalable, and secure network solutions. Key Responsibilities Windows Server Management

• Administer Windows Server (2016/2019/2022): physical and virtualized on VMware vSphere/Horizon

Manage Active Directory:

user/group lifecycle, OUs, Group Policy, DNS, DHCP, and domain trusts

• Oversee file services, DFS, storage management, backup, and recovery
• Drive the server patching and vulnerability remediation cadence
• Plan and execute server migrations, OS upgrades, and decommissions
• Maintain build standards, runbooks, and disaster recovery documentation Microsoft 365 Administration
• Administer the full M365 tenant: users, licenses, roles, and secure offboarding

Manage Exchange Online:

mail flow, connectors, shared mailboxes, and retention policies

Govern Teams and SharePoint:

site provisioning, guest access, permissions, and data retention

• Configure Entra ID (Azure AD): SSO, Conditional Access, identity governance, and Entra Connect

Administer Intune MDM/MAM:

enrollment, compliance policies, configuration profiles, and app deployment

• Use the M365 Security & Compliance Center for DLP, sensitivity labels, and audit monitoring
• Automate administration tasks using PowerShell and Microsoft Graph API Security Operations

Administer Barracuda Email Security:

filtering policies, SPF/DKIM/DMARC, and incident response for email-borne threats

• Monitor and respond to Defender for Endpoint and Intune security alerts
• Enforce endpoint compliance posture and Conditional Access policies
• Conduct regular vulnerability assessments and manage patch remediation
• Maintain SIEM (Splunk or Microsoft Sentinel): detection rules, alert tuning, and escalation
• Run phishing simulations and user security awareness programs
• Apply security frameworks:

NIST CSF, CIS

Controls, Zero Trust principles Network & Infrastructure Support

• Maintain firewalls (SonicWall, Cisco, Fortinet), VPN configurations, and network segmentation (VLANs, ACLs)
• Administer Ubiquiti UniFi wireless — coverage, QoS, channel planning, and guest isolation
• Monitor network health with Auvik; maintain topology documentation
• Support AWS/Azure cloud networking and hybrid connectivity as we migrate workloads to the cloud AWS & Azure Cloud Infrastructure Design and manage cloud networking in AWS and Azure — VPCs/VNets, subnets, route tables, security groups, NACLs/NSGs, and internet/NAT gateways Build and maintain hybrid connectivity between on-premises infrastructure and cloud environments using site-to-site VPN or dedicated circuits (AWS Direct Connect / Azure ExpressRoute) Configure cloud resilience and high availability — multi-AZ deployments, auto-scaling, load balancers, and failover strategies to minimize business risk during cloud outages Provision and manage cloud developer environments securely — IAM roles, least-privilege access, secrets management (AWS Secrets Manager / Azure Key Vault), and cost controls Use infrastructure-as-code (Terraform, CloudFormation, or Bicep) to provision repeatable, auditable cloud resources Monitor cloud workload performance and costs using CloudWatch, Azure Monitor, and budget alerting tools Database & General • Administer on-prem (SQL Server / MySQL / PostgreSQL) and cloud databases (AWS RDS / Azure SQL) • Provision and maintain secure cloud developer environments with proper IAM, networking, and cost controls • Manage IT tickets and projects in Jira; document resolutions for team knowledge sharing • Mentor junior team members and collaborate across IT and business functions Required Qualifications Experience & Education • 5-7 years of progressive experience in network engineering and infrastructure design • Bachelor's degree in IT, Computer Science, or related field preferred Preferred Qualifications • Microsoft certifications: MS-102 (M365 Administrator Expert), AZ-104 (Azure Administrator), SC-300 (Identity & Access), or equivalent • AWS certifications: AWS Solutions Architect Associate, AWS SysOps Administrator, or AWS Cloud Practitioner • Azure certifications: AZ-104 (Azure Administrator), AZ-700 (Azure Network Engineer), or AZ-500 (Azure Security Engineer) • CCNP, CompTIA Security+, Network+, or other relevant certifications • Cloud automation and IaC experience: Terraform, CloudFormation, Bicep, Ansible, or Python (Boto3 / Azure SDK) Professional Skills • Excellent troubleshooting and problem-solving abilities • Strong communication skills for technical and non-technical audiences • Project management experience with infrastructure initiatives • Ability to manage multiple priorities in a fast-paced environment

Physical Requirements:

• Ability to stand and walk.
• Ability to reach above, at, or below waist height
• Ability to kneel, bend, stoop, turn and twist
• Ability to lift 25lb regularly and occasionally up to 50 lbs.

Safety:

• The incumbent must be able to perform this job safely without endangering the health or safety of self or others.

Supervisory Responsibility:

• The position currently has no people supervisory responsibility Please note that this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job.

Duties, responsibilities and activities may change or be added at any time per business needs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Pay:

$110,000.00

• $130,000.

00 per year

Benefits:

401(k) 401(k) matching Dental insurance Employee assistance program Employee discount Flexible spending account Health insurance Life insurance Paid time off Vision insurance

Work Location:

In person