Systems Engineer (Cybersecurity & Infrastructure)at Quality Chemical Industries Limited (Qcil) ,Uganda, Kampala

Engineering
Kampala, Uganda
January 31, 2026
Full Time
Urgent
Application ends: February 13, 2026
Apply Now

Job Description

Reporting Line:

  • Reports to: Head of IT

  • Works closely with: Network Engineer (FortiGate / segmentation), OT stakeholders, Application owners, Vendors

  • Direct reports: Systems Administrator (Infrastructure & Applications)

Primary Objectives (What success looks like)

  • Secure, stable, and scalable server and platform environment with measurable availability and recoverability.

  • Evidence-ready controls for GxP/GMP audits (security, access, backup, DR, change control).

  • Reduced cyber risk through hardening, vulnerability remediation, monitoring, and privileged access control.

  • Predictable, documented system standards and architecture aligned to QCIL business goals.

  • Key Responsibilities (Technical – Detailed)

A. Infrastructure Architecture & Governance

  • Assess current server, virtualization, storage, identity, and application platform architecture and produce a target-state roadmap.

  • Define and maintain system standards: build templates, naming conventions, IP/DNS standards for servers, patching baselines, backup standards, and logging standards.

  • Approve system changes that affect regulated (GxP/GMP) services, ensuring documented impact assessment and rollback plans.

  • Ensure new technologies align with QCIL architecture and security guidelines before deployment.

B. Cybersecurity for Servers, Identity & Platforms

  • Own server hardening standards (Windows/Linux) and ensure alignment to recognized baselines and QCIL policies.

  • Lead vulnerability management for servers and core platforms: scan review, risk triage, remediation planning, and verification.

  • Administer and tune endpoint/server security tooling (EDR/AV policies for servers), and ensure critical servers are onboarded to SIEM/log monitoring.

  • Implement privileged access controls

  • Partner with the Network Engineer to ensure IT/OT segmentation is enforced for systems

  • Support incident response for system-side events.

C. Virtualization (VMware) & Platform Engineering

  • Own VMware design and lifecycle management.

  • Define VM templates, resource sizing standards, snapshot governance, and host patching schedules with controlled maintenance windows.

  • Design backup and recovery procedures for VMware hosts and critical VMs based on best practices.

D. Core Enterprise Systems (Microsoft 365, SAP, LIMS, TrackWise)

  • Lead infrastructure readiness for core platforms.

  • Coordinate vendor and internal technical teams during upgrades, changes, and troubleshooting of enterprise systems.

  • Define and maintain application dependency maps and connectivity matrices (ports/protocols) for regulated applications.

E. Backup, Disaster Recovery & Business Continuity

  • Own backup strategy and recovery assurance for servers, VMs, and databases: retention, encryption, monitoring, and restore testing.

  • Design, implement, supervise, and test QCIL’s Disaster Recovery Plan for systems.

  • Ensure DR documentation and evidence is audit-ready for GxP/GMP requirements.

F. Compliance, Audit & Documentation

  • Lead technical remediation of audit findings related to systems, access controls, patching, backups, logging, and security configuration.

  • Maintain architecture diagrams, as-built documentation, SOPs/runbooks, and system inventories.

  • Prepare monthly operational reporting: platform health, risks, vulnerability posture, backup/DR status, and improvement roadmap.

Key Performance Indicators (KPIs)

  • Platform availability (uptime) for critical services (AD/DNS, virtualization, core apps).

  • Backup success rate and restore test success rate for critical systems.

  • Vulnerability remediation SLA compliance (critical/high findings).

  • Audit findings closed within agreed timelines with evidence.

  • Mean time to resolve (MTTR) for system incidents and reduction of recurring issues.

Minimum Qualifications & Experience

  • BSc degree in IT, Computer Science, Engineering, or related field.

  • Minimum 5 years in Systems Administration/Engineering with demonstrated ownership of VMware and Windows Server environments.

  • Hands-on experience supporting enterprise platforms (Microsoft 365, SAP or similar ERP, LIMS, TrackWise or regulated quality systems).

  • Experience with vulnerability management and security tooling (EDR, SIEM concepts, hardening).

Certifications (Preferred)

  • Microsoft (e.g., Windows Server / Azure / M365) certifications.

  • VMware (VCP) or equivalent virtualization certification.

  • Security-related certification (e.g., Security+, vendor security training) – advantage.

  • ITIL Foundation – advantage.

Core Technical Skills

  • Windows Server (AD DS, GPO, DNS, DHCP), Linux administration, scripting/automation basics (PowerShell).

  • VMware vCenter/ESXi, HA/DRS, capacity planning, troubleshooting performance bottlenecks.

  • Backup and recovery tooling and methodology; DR planning and testing.

  • Database fundamentals (SQL Server/Postgres) including backup/restore, permissions, performance monitoring.

  • Security hardening, vulnerability remediation workflows, logging/monitoring concepts, and incident support.

Behavioral Competencies

  • Strong analytical problem-solving; evidence-based troubleshooting.

  • Excellent documentation discipline and change control mindset (especially for GxP systems).

  • Ability to communicate technical risk and options to non-technical stakeholders.

  • Collaborative leadership; mentoring Systems Administrator and working across teams.

Related Jobs