Senior Linux Systems & Security Administrator (Multi-Platform Web Hosting & CloudFlare Management) jobs in United States

Sharp Innovations, Inc. · 1 month ago

Senior Linux Systems & Security Administrator (Multi-Platform Web Hosting & CloudFlare Management)

Sharp Innovations is a leading Website design and Internet marketing firm located in Lancaster, PA. They are seeking a strategic systems and security leader to manage infrastructure and security for their largest client while scaling best practices across their portfolio. The role involves hands-on work in implementing solutions and guiding the team towards security revenue growth.

Advertising, Brand Marketing, SEM, SEO, Web Development
Growth Opportunities

Responsibilities

Take full ownership of the web hosting environment consisting of two production Linux web servers (on RackSpace) using Apache/PHP-FPM running a custom PHP/MVC application and two production Linux database servers (Master/Replica) running MySQL Enterprise 8.x
Harden load balancing (HAProxy/Nginx), PHP-FPM, MySQL, and server configs
Deploy and tune Cloudflare Enterprise: WAF, bot management, rate limiting, Workers, Zero Trust
Implement centralized logging (Cloudflare Logpush → ELK/Graylog) and real-time alerting
Conduct penetration tests, remediate findings, and document baseline security posture
Beyond the 90-day mark, one major initiative is the implementation of a geographically separate data center
This means implementing and migrating to a Multi-Data Center Architecture, almost certainly with some form of Anycast Routing, so that web traffic is actually fault tolerant. On the database side, we would have to move away from the simple Master/Replica configuration to some kind of clustering (probably MySQL Group Replication [MGR], but there are other options) and add a proxy layer (MySQL Router). If the master database (located in a single data center) goes down, MGR will automatically detect the failure and handle promotion of the appropriate REPLICA to MASTER, and because of the proxy layer the application is unaware and doesn't need to be changed (you don't need to point the DB connection to another server or go through the process of manually promoting/demoting)
Beyond the 90-day mark, another initiative is SOC2 compliance and reporting
There are two main areas to deal with here. One is our internal processes and procedures for development and how updates are made to their application. The second is the hosting environment itself, so when this Multi-Data Center Architecture is implemented, SOC2 needs to be part of the overall plan. The applicant needs to be either familiar with the concept or willing to jump through all the hoops and hurdles (it will be annoying) to comply with the SOC2 guidelines
Balance the weekly workflow being approximately 50% focused on our flagship client, and 50% on other clients and internal infrastructure projects/goals
Manage 10+ Linux servers across data centers and cloud providers
Automate patching, config management, and compliance requirements
Secure WordPress, Drupal, Magento, Joomla, OpenCart, and other frameworks at scale (plugin vetting, auto-updates, rollback)
Enforce SSL, HSTS, CSP, secure headers via Cloudflare + server templates
Build multi-region encrypted backups (Restic/Rclone → Cloudflare R2, or other recommended setups)
Act as manager for internal IT and infrastructure:
Lead server migrations and consolidations
Help design and implement next-gen file server, sync, and backup solutions, and other in-flight initiatives (such as Greg’s VoIP project)
Own technology procurement, licensing, budgeting, and vendor relationships
Define and enforce internal security policies, SSO, Zero Trust, endpoint management
Set multi-year technology strategy and roadmap, and effectively manage and implement it to success
Continue to own production security and major incidents, but delegate day-to-day ops as we grow the team under you
While this role is NOT a CTO position as of today, it would likely evolve formally into a CTO position once the right hire proves themselves for it. The ideal fit who meets this would also likely have future partnership opportunities in the larger company
Productize security offerings: audits, WAF management, incident response retainers
Conduct client-facing security assessments and present findings/recommendations
Create case studies from flagship client wins to win new business. You don’t need to be the primary salesperson leading the charge, but will work alongside them as the technical consult to speak intelligibly into those conversations
Train internal teams on secure development and DevSecOps basics
Incident response lead: containment, forensics, client comms, post-mortems
Monitoring & alerting: Prometheus/Grafana, Cloudflare Analytics, SIEM
Disaster recovery: RPO < 15 min, RTO < 1 hr for critical clients
On-call rotation (shared; ~1 week/month)

Qualification

Linux Administration, Web Security, Cloudflare Management, Load Balancing, LAMP Stack, MySQL, CakePHP, Monitoring Tools, Client-Facing Skills, Technical Consulting, Incident Response, Soft Skills, Team Leadership

Required

Linux Admin - 10+ years production multi-server environments (RackSpace, DigitalOcean, Other)
Web Stacks - Expert in LAMP + securing WordPress, Drupal, Magento, Joomla, OpenCart, etc
CakePHP - Production deployment, security hardening, performance tuning
Load Balancing - HAProxy, Nginx, or Keepalived in HA setups
Cloudflare Business/Enterprise - WAF, Workers, R2, Zero Trust, Page Rules, Cache API, Argo
Security - OWASP, CIS, ModSecurity, fail2ban, iptables/ufw
Monitoring - Cloudflare Observability
Client-Facing - Experience explaining technical risks to non-technical stakeholders
Web and/or Network Security: 6 years (Required)
Linux Admin: 6 years (Required)
English (Required)

Preferred

Cloudflare Load Balancing or Origin Rules for multi-backend routing
Certifications: CISSP, OSCP, CCSP, or Cloudflare Certified Administrator
Plesk/cPanel/WHM + SSO (Cloudflare Access)
Experience selling technical services (consulting, audits, retainers)
Docker/Podman for internal tools or staging
Web/App development capability. It would be helpful to be able to cover as needed, or to help part-time to handle overflow. This also gives greater ability to handle the software-level security enhancements to the websites and apps we manage. Some specifics would be PHP, MySQL, JavaScript (native, jQuery, Node.js, CF Workers, etc.), HTML, CSS, REST API usage, and Git familiarity
Bachelor's (Preferred)
Location: Conestoga, PA 17516 (Preferred)

Benefits

Health and dental insurance
Short & long term disability insurance
SIMPLE (Savings Incentive Match Plan for Employees) IRA, upon eligibility
Generous vacation/holiday allowance
Participation in company bonus plan
Fun and flexible work environment
401(k) matching
Dental insurance
Flexible schedule
Health insurance
Health savings account
Life insurance
Paid time off
Parental leave
Retirement plan
Vision insurance

Company

Sharp Innovations, Inc.

Sharp Innovations is a value-focused, web design and digital marketing firm that specializes in providing client-specific design, marketing and business development solutions.

Funding

Current Stage
Early Stage

Leadership Team

Joseph Sharp
CEO
Company data provided by crunchbase