Ward’s Hydraulics Services Ltd (https://wardshydraulic.com) located at 224 Cayer St #1, Coquitlam, BC V3K 5B1 has a full-time permanent position for an IT Specialist-IT Manager. This is a dual role, managing IT but also extensive hands-on work. Hands on work will include duties related to Information Systems, Computer Network –Web systems and User Support. The applicant will work for Wards Hydraulics but provide IT services to Wards and it’s sister company Envirotech (https://envirotechfiresystems.com) that’s located in the same building and owned by same owner
Duties
Information Systems
• Collect, analyze data to identify areas for improvement
• Leverage performance and security monitoring tools to evaluate Windows Servers hosting Epicor ERP, SQL databases, SSRS services, VMware/Proxmox virtual environments, Microsoft 365 activity. Identify inefficiencies, security gaps (e.g. unpatched vulnerabilities, suspicious activity in logs), performance bottlenecks, recommend targeted optimizations and remediation strategies
• Review existing IT systems and internal processes
• Assess ERP workflows, SQL maintenance tasks, SSRS distribution, virtualization resource allocation, security controls (e.g. firewall rules, antivirus/EDR deployments, Group Policy settings). Confirm practices meet organizational standards, regulatory compliance, and follow cybersecurity best practices
• Develop, implement, apply policies, procedures throughout SDLC
• Establish coding, testing, and deployment guidelines that incorporate security-by-design principles. Enforce secure coding standards for ERP customizations, SQL procedures, SSRS reports; institute regular vulnerability scanning; apply least-privilege access models throughout all environments
• Develop quality assurance procedures, tests for new and existing systems
• Create QA test suites that verify system functionality, load performance, and security posture. Validate ERP, SQL, SSRS components are hardened against common threats, that VM configurations follow secure baseline templates, and Microsoft 365 tenant policies support data protection and compliance
• Identify, analyze, document discrepancies and ensure appropriate adjustments
• Investigate root causes of IT issues (e.g. slow SQL queries, SSRS rendering problems, suspicious login attempts. Document findings, implement mitigations e.g stronger encryption protocols, stricter firewall rules, and collaborate with IT teams to maintain secure infrastructure
• Perform preventive maintenance tasks on computer systems - Regularly patch Windows Servers, update SQL and SSRS components, rotate encryption keys, review VM templates to ensure compliance and security. Conduct routine antivirus/EDR scans, vulnerability assessments, Microsoft 365 security audits to maintain resilient threat-resistant environment
Computer Network/Web Technician
• Maintain, troubleshoot, repair, administer LANs, WANs, mainframe networks
• Oversee network hardware (firewalls, managed switches, PBX), ensure secure connectivity to ERP, SQL, SSRS resources. Monitor network traffic for intrusion attempts, apply firewall policies aligned with zero-trust principles, ensure remote access solutions are securely implemented
• Evaluate, install hardware, software, OS, and applications
• Deploy Windows Servers with hardened configurations, provision VMs in VMware/Proxmox following security baseline templates integrate Microsoft 365 services with MFA and conditional access policies. Install, configure network security appliances, apply secure switch VLAN setups, update firmware to mitigate known vulnerabilities
• Operate master consoles to monitor performance and security of systems and networks
• Use centralized dashboards and SIEM solutions to track system loads, SQL query times, SSRS performance, security alerts. Adjust firewall rules, VM resources, intrusion detection/prevention settings in real time to maintain optimal performance and a robust security stance
• Provide problem-solving services to network users
• Assist staff experiencing ERP latency, SQL timeouts, SSRS report issues, or suspicious login attempts in Microsoft 365. Guidance through secure troubleshooting steps, safe computing practices, escalate complex security incidents to senior specialists
• Perform routine network start up and close down and maintain control records
• Follow secure startup/shutdown protocols for servers, VMs, and network devices. Document changes to firewall configurations, switch settings, security group memberships to maintain an accurate audit trail
• Perform data backups, disaster recovery operations
• Execute, verify secure backups of SQL databases, ERP data, SSRS configurations. Test encrypted restore operations within VMware/Proxmox DR environments. Confirm backup storage is protected, encrypted, isolated and recovery procedures meet organizational RPO/RTO and security standards
• Conduct tests, perform security and quality controls
• Run regular vulnerability scans, apply security patches, validate SSL/TLS configurations, conduct periodic penetration tests. Confirm adherence to password policies, MFA enforcement in Microsoft 365, and principle-of-least-privilege in SQL roles and SSRS permissions
• Perform shell scripting, basic scripting tasks
• Use PowerShell scripts to automate repetitive security tasks, e.g firewall rules, reviewing event logs for anomalies
• Ensure scripts follow secure coding practices and stored in restricted repositories
• May supervise other workers
• Lead junior technicians in secure network troubleshooting, cybersecurity awareness training, implementation of compliance-driven changes. Mentor on safe handling of credentials, data classification protocols, secure deployment processes
User Support Technician
• Communicate electronically/in person with users to determine document problems
• Record details of issues - Epicor ERP login failures, SQL query delays, SSRS display errors, suspicious Microsoft 365 activities. Verify user identities before accessing systems, maintain confidentiality, document all incidents in secure ticketing system
• Consult user guides, technical manuals, and other documents
• Reference ERP, SQL, SSRS, VMware/Proxmox, Microsoft 365 security documentation to find secure solutions. Apply guidelines from vendor security advisories, ensure recommended hardened settings are implemented follow internal security practices
• Reproduce, diagnose, resolve technical problems
• Create test scenarios in sandbox environments to replicate issues securely. Run SQL queries in contained test database, adjust SSRS parameters, tweak VM resource allocation
• Provide advice and training to users. Educate users on secure use of Epicor ERP (e.g.safe data handling), safe SSRS data export practices, compliance with Microsoft 365 data protection policies. Promote cybersecurity awareness, phishing recognition and secure file sharing
• Provide business systems, network, Internet support to users
• Assist employees with secure remote access solutions (VPN with MFA), troubleshoot Microsoft 365 authentication issues, guidance to adhere to IT security protocols. Ensure no data is exposed/ transferred through insecure channels
• Collect, organize, maintain problems and solutions log
• Update secure knowledge base with insights on common issues, recommended patches, secure ERP configuration tips, SQL optimization with encryption, SSRS permission setups, VM snapshots protected with role-based access controls
• Participate in redesign of applications and other software
• Collaborate with developers to incorporate secure coding practices into ERP enhancements, SQL stored procedures, SSRS scripting, and VM management tools
• May supervise other technical support worker. Oversee junior support staff, ensure they follow IT security policies and assisting users. Assign security-related training tasks
IT Manager
• Plan, organize, direct, control, evaluate operations of IT and EDP departments
• Oversee IT security strategies governing Epicor ERP, SQL databases, SSRS services, virtual infrastructures, and Microsoft 365 administration. Ensure cybersecurity goals—such as zero-trust network architecture, GDPR/PCI compliance, ransomware protection are met
• Develop, implement policies, procedures for EDP, systems development and operations
• Create and enforce policies covering data classification, encryption standards, secure remote access, patch management cycles, regular security audits. Integrate policies into daily operations, ensuring consistency and compliance
• Assemble and manage teams of IT personnel
• Build and mentor cross-functional IT teams, security analysts, network engineers, database administrators, ERP specialists, and virtualization experts. Encourage continuous security training, certification pursuits, knowledge sharing sessions to maintain a workforce skilled in threat prevention
• Control budget and expenditures
• Allocate funds strategically for security tools, including firewalls, EDR solutions, encryption licensing, secure backup appliances. Invest in training, penetration tests, external audits, and security frameworks that strengthen overall cybersecurity posture
• Recruit, supervise analysts, engineers, programmers, technicians, and other personnel
• Hire, develop IT professionals with strong security acumen. Offer professional development in secure coding, compliance standards, incident response, threat intelligence. Ensure a proactive approach to IT security is ingrained in all roles and responsibilities
Experience
Must have sufficient experience and skills to perform the duties listed above
Education
Degree in Information Technology
Wages and Benefits
• $85 000 per annum / 37.5 hrs per week
• 2 weeks’ vacation per year
• Health, Dental and Vision benefits and basic life insurance
How to apply
Please send following to wardsjobs01@gmail.com
o Resume
o Motivation letter
o References
o Copy of Degree
o Answer the 7 technical questions
o Hybrid Identity and Authentication Integration:
When migrating an on-premises Active Directory domain controller environment to a hybrid Azure AD tenant, how would you securely integrate Epicor ERP authentication that users can seamlessly access the ERP application via SSO, ensure proper synchronization of on-prem user attributes with Azure AD Connect, simultaneously enforce conditional access policies in Office 365 and other Azure-based services? Outline the architectural steps and configurations required, including any firewall, reverse proxy, or certificate considerations
o DevOps Pipeline for ERP Customization and Reporting:
In a scenario where you need to implement CI/CD pipeline for Epicor ERP customizations and SSRS reports hosted on Windows Servers, describe how you would leverage Azure DevOps pipelines to automate code integration, artifact versioning, environment configuration, secure deployment to production servers. Consider the complexity of network segmentation, role-based access for build agents, key vault integration for sensitive credentials, ensuring SQL Server Reporting Services remain fully functional and secured throughout the deployment cycles
o SSRS and ERP Data Security at Scale:
If tasked with ensuring SSRS reports pulling data from Epicor ERP’s SQL database meet stringent data governance and compliance requirements, how would you architect a solution to restrict data access based on user roles in AD/Azure AD, implement row-level security in SQL, encrypt data in transit and at rest, ensure that the Office 365 user identities consuming these reports remotely adhere to MFA, conditional access, and monitored network egress points
o High Availability and Disaster Recovery Across Hybrid Environments
Describe in detail how you would design a high availability and disaster recovery strategy for Epicor ERP and its associated SQL/SSRS servers hosted on Windows Servers, while ensuring continuous authentication services provided by on-prem AD and Azure AD. In your answer, detail the use of Always On Availability Groups for SQL, load balancing configurations for ERP front-end servers, secure replication of VM snapshots to Azure, and automated failover procedures triggered via Azure Site Recovery or similar tooling
o Migration from On-Prem Datacenter to Azure for ERP and Directory Services
Outline step-by-step architectural blueprint for migrating an existing Epicor ERP deployment, currently running on bare-metal Windows Servers, into a virtualized environment (e.g., VMware/Proxmox) that integrates with both on-prem Active Directory and Azure AD. Include details how you would securely reconfigure network segments to accommodate virtual machines, migrate SQL databases supporting Epicor and SSRS to VMs, synchronize local identities with Azure AD Connect, and ensure that Office 365 applications continue to function securely. Consider the approach for handling legacy storage formats, the use of virtualization templates for secure baselines, and minimal downtime strategies during ERP data and identity migration
o Automated Compliance and Security Enforcement in CI/CD Processes
Discuss how you would implement an automated compliance, patching, and security validation process within a DevOps pipeline that governs updates to Epicor ERP servers, Windows Server OS patches, SSRS report deployments, and Group Policy configurations sourced from an on-prem Active Directory domain controller. Consider the use of Infrastructure as Code (IaC) templates for VM provisioning (e.g., VMware/Proxmox), integrating security scanning tools in the build pipeline, leveraging Group Policy for enforcing baseline OS and application settings, ensuring code integrity through signed ERP customizations, establishing rollback triggers if any stage fails security or compliance checks
o Monitoring, Alerting, and Incident Response in a Hybrid Architecture
In a hybrid environment encompassing Epicor ERP, SQL/SSRS reporting on Windows Servers, Office 365 integration, and Azure AD authentication, describe a comprehensive monitoring and incident response plan. Detail how you would use Azure Monitor, Microsoft Sentinel, or equivalent SIEM solutions to track suspicious user logins, unusual network traffic patterns between ERP app servers and the domain controllers, failed SSRS rendering attempts from external sites, changes in DevOps pipeline runs. Explain how alerts should be routed, how runbooks or Azure Functions might automatically isolate compromised resources, how service-level agreements for uptime and RPO/RTO requirements factor into this plan
Only applicants that follow these instructions will be considered.
|