Tayal & Co

IT System Administrator

This job is no longer accepting applications

  • Posted 4 months ago

Job Description

Position: IT System Administrator – On-Prem A-29 Office

Location: A-29, Mohali, Punjab

Type: Full-Time, On-Site Only

Preference: Local candidates (Mohali / Kharar / Chandigarh)

About Tayal & Co. and A-29

Tayal & Co. is a 25+ year engineering and manufacturing company supplying safety-critical components to Indian Railways. The A-29 office is being built as a fully on-prem, high-security IT environment with:

  • No cloud storage for core data
  • Strict network segmentation (server / office / guest)
  • Centralised identity and access control via Active Directory

We are looking for an IT System Administrator who can technically operate, harden, and maintain this environment day-to-day. This is a systems + network + security operations role, not a generic helpdesk profile.

Core Responsibilities

1. Active Directory, GPO and Identity
  • Operate Active Directory Domain Services on Windows Server 2025:
      • Manage user and computer accounts, security groups, and OU structure
      • Implement least-privilege access model for A/B/C level roles (Analyst, Manager, Dept Head, Director)
  • Configure and maintain Group Policy Objects (GPO) for:
      • Password & lockout policies
      • Login scripts, drive mappings, desktop lockdown
      • Device restrictions (USB, CD/DVD), disabling unneeded services/features
  • Monitor and interpret key AD / security events (e.g. 4624, 4625, 4740) for suspicious login behaviour.
2. File Server, NTFS Permissions and Data Governance
  • Maintain departmental shares and hierarchy (Working / Final / Shared) for After Sales, Marketing, Liaison, Finance, etc. using:
      • NTFS ACLs and share permissions
      • AD security groups (not per-user ACL sprawl)
  • Implement basic file governance:
      • Prevent storage of data on local C: and user desktops
      • Optionally use FSRM (File Server Resource Manager) for quotas / basic file screening
  • Perform file-level restores via:
      • Shadow Copies / Previous Versions (short-term)
      • Backup software (medium-term, e.g. 1–3 months retention)
  • Track and report unusual behaviour (mass deletions, permission changes).
3. Backup, Restore and Ransomware Readiness
  • Operate on-prem backup solution (e.g. Windows Server Backup / Veeam / similar) for:
      • Daily incremental + weekly full backup jobs to local backup storage/NAS
      • Scheduled offline backups to external HDD kept disconnected when not in use
  • Maintain a backup operations log (job status, failures, warnings, capacity trends).
  • Perform regular test restores (single file, single folder, and occasional full share tests) and document procedures.
  • In case of suspected ransomware:
      • Isolate affected workstation(s) from the network
      • Identify clean restore point and assist in restoring impacted shares under management supervision.
4. LAN Switching, VLANs and Cabling
  • Maintain structured cabling and patching:
      • Patch panels, labelled wall points, and switch ports
      • Up-to-date port map (floor, desk, switch, port) in documentation
  • Configure managed switches for:
      • Access ports for endpoints vs trunk ports for uplinks/APs
      • VLAN assignment (Server VLAN, Office VLAN, Guest VLAN, any special VLANs)
      • Basic STP and link monitoring
  • Troubleshoot L2/L3 issues:
      • No link / flapping ports / incorrect VLAN
      • IP conflicts, wrong gateway/DNS on clients.
5. Wi-Fi (EnGenius) Segmentation and Control
  • Operate EnGenius controller (on-prem or cloud, as applicable):
      • Configure Office SSID bound to internal VLAN for company laptops
      • Configure Guest SSID bound to guest VLAN with internet-only access
  • Enforce wireless security:
      • WPA2/WPA3, strong PSKs (or 802.1X if implemented)
      • Regular rotation of Wi-Fi keys per management policy
  • Verify that Guest SSID cannot route to server VLAN or management subnets.
6. Firewall and Perimeter Security (WatchGuard M390)
  • Operate the WatchGuard Firebox M390 (or equivalent):
      • Maintain NAT, basic routing, and high-level policy structure
  • Implement outbound policies:
      • Allow specific business domains (IREPS, govt, OEMs)
      • Block risky categories (webmail, cloud storage, social media) where mandated
  • Apply per-IP/per-subnet rules for exceptions (e.g. special PCs allowed limited Gmail for DSC work).
  • Manage UTM features as licensed:
      • Web filtering profiles (category-based)
      • IPS / Application control where appropriate
  • Take regular config backups; coordinate firmware upgrades with vendor/AMC.
  • Review firewall logs for unusual outbound traffic patterns or repeated blocked connections.
7. Endpoint Security and Workstation Management
  • Deploy and manage Bitdefender (or equivalent) on all PCs:
      • Real-time AV/AM protection
      • Ransomware / behaviour blocking where available
      • Device control: USB storage disabled (except approved exceptions)
  • Ensure endpoint patching:
      • Windows Updates (via WSUS or controlled manual process)
      • Critical third-party updates (e.g. .NET, Office)
  • Provide level-1/2 desktop support:
      • Network profile issues
      • Outlook configuration for @tayalco.com on approved mail servers
      • Printer/scanner setup within security constraints.
8. Monitoring, Incident Handling and Documentation
  • Continuously monitor:
      • Server performance (CPU, RAM, disk I/O, free space thresholds)
      • Network/port status and AP health via switch / EnGenius interface
      • Key security logs (AD, file server, firewall, endpoint alerts)
  • Handle incidents via defined SOP:
      • Isolate, log, and escalate malware/ransomware/suspicious outbound connections
      • Preserve basic evidence (timestamps, screenshots, log snippets)
  • Maintain clear documentation:
      • Network diagram (firewall, switches, APs, VLANs, server)
      • AD structure, groups, and GPO overview
      • Firewall high-level ruleset summary
      • Backup configuration and restore runbook
  • Submit concise weekly/fortnightly reports to management on:
      • Server health and usage
      • Backup status and test restores
      • Security incidents or notable changes made.
9. Coordination with External IT / Vendors
  • Work with external consultants for:
      • Initial and major configuration changes (firewall rules, new VLANs, server upgrades)
      • Email platform migration (cPanel to Exchange Online / M365) if approved
  • Execute on-site technical tasks as instructed:
      • Cabling changes, rack additions, equipment swaps
      • Running test scripts, applying patches under guidance
  • Ensure every change is documented and visible to Tayalco management.
Required Technical Profile
  • Diploma / BCA / BSc (IT/CS) or equivalent.
  • 3-5 years of hands-on experience in on-prem IT/system administration in a small/mid-size organisation.
  • Practical experience with:
      • Windows Server (2016/2019/2022/2025), AD DS, basic GPOs
      • NTFS permissions, SMB shares, profile redirection/mapped drives
      • Managed switches with VLANs (802.1Q), basic L2 troubleshooting
      • At least one UTM/firewall platform (WatchGuard / Fortinet / Sophos / SonicWall etc.)
      • Controller-based Wi-Fi (EnGenius / Ubiquiti / Cisco, etc.)
  • Solid understanding of:
      • IP addressing, subnetting (/24, /25), gateways, DNS/DHCP
      • Backup concepts (full/incremental, retention, RPO/RTO at basic level)
      • Endpoint hardening and basic security best practices.

Preferred:

  • Local candidate from Mohali / Kharar / Chandigarh for long-term stability.
  • Experience with simple PowerShell scripts for admin tasks.
  • Strong exposure to setting up VLANs, AD and GPOs.


Job ID: 139979485