Why this role mattersYou will own and evolve GOTEC’s global hybrid-cloud backbone—powering >10 plants and 2000+ colleagues—while embedding Zero-Trust and segmentation-by-design across our entire tech stack.Key outcomes – first 12 months Build complete PAW environment for Admins, Devs and OT ENgineers Migrate domains to Azure AD PIM, incl. scoped admin roles and JIT workflows Enforce Zero‑Trust segmentation across WAN, Azure and OT VLANs—reducing lateral movement paths by 80 % Reduce SIEM false positives by 50 % and maintain SLA adherence on all “high” severity alerts What you will do Lead architecture and operations in your domain across Azure, VMware/Hyper‑V, HCI, SAN  Design and enforce Zero‑Trust policies: PAWs, Tier‑0, NAC, micro‑segmentation, SCADA overlays Build and maintain secured network topologies (ExpressRoute, SD‑WAN, BGP, MACsec, 802.1X, ACLs) Drive infra-as-code across cloud & on‑prem (Terraform/Bicep, GitHub/Azure DevOps) Stand-up and operate global SOC coverage incl. MSSP onboarding & runbooks Implement ITIL service processes, KPIs and risk remediation plans (incl. audit readiness) Work closely with our development department to ensure fast and secure deployment processes Mentor engineers, lead tabletop drills & participate in red‑team simulations Ensure compliance with TISAX, ISO 27001, GDPR, and EU Cloud Security requirements Act as escalation and take part in on-call rotation (≤ 20 % travel) Must-have skills 10+ years building & operating enterprise-grade Azure / hybrid infrastructures Expert in VMware or Hyper-V (incl. vSAN, SCVMM), HCI, backup/DR, SAN/NAS Proven track record in Zero-Trust architecture (Tier-0 design, NAC, OT isolation) Strong hands-on with enterprise networking: ExpressRoute, SD-WAN, BGP, routing/security zones IaC and CI/CD pipelines using Terraform/Bicep and GitHub / ADO Security monitoring & tuning (Wazuh, Prometheus, Grafana) Process leadership (ITIL KPIs, SLA governance, CAB participation) Excellent written/spoken English (C1), confident presenter and documentation lead Nice-to-have AZ‑305, VCAP‑DCV, NSE 6/7, CISSP/CCSP, ITIL MP ISA/IEC 62443 familiarity (zones, conduits, firewall patterns) Familiarity with TISAX, ISA/IEC 62443, ISO 27001 Experience designing and leading red‑team or tabletop security drills Language: German or Polish beneficial