CAREERS
Working at Qcil
Qcil’s vision is to become a center of excellence for the production of quality, affordable medicines and is proud to be the first WHO pre-qualified manufacturer of HIV/AIDS and Malaria treatments in the region.
To achieve this goal, Qcil employs professionals who are not only skilled and knowledgeable but also passionate about the pharmaceutical industry and making a positive impact. Currently, Qcil has over 500 employees, each of whom is dedicated to upholding high standards of quality and excellence in all aspects of our operations.
For more info, contact recruitment@qcil.com
NETWORK ENGINEER
Job Summary:
The Network Engineer is responsible for designing, transforming, securing, and governing QCIL’s network infrastructure (switching, routing, wireless, WAN, and firewalls). The role owns network architecture, IT/OT (GxP) segmentation enforcement, FortiGate firewall lifecycle management, network monitoring, and network disaster recovery readiness.
Reporting Line:
Reports to: Head of IT
Works closely with: Systems Engineer, Security Engineer, OT stakeholders, Application owners (SAP/LIMS/TrackWise/M365), Vendors/ISPs
Primary Objectives (What success looks like)
Secure and stable network services with measurable availability and performance across all QCIL.
Enforced IT/OT segmentation protecting GxP systems via Firewall policy.
Reduced cyber risk through strong perimeter controls, secure remote access, and continuous monitoring.
Documented, standardized configurations with controlled change management and clear rollback plans.
Key Responsibilities
A. Network Architecture, Standards & Transformation
Assess and document current-state network topology and produce target-state designs (HLD/LLD) covering LAN/WAN, routing, VLANs, wireless, and firewall zoning.
Define and enforce network configuration standards.
Direct system installations and cutovers.
B. IT/OT Segmentation & Access Control
Design and maintain security zones and segmentation controls to protect OT/GxP equipment and associated data.
Maintain a connectivity matrix for regulated systems (sources/destinations/ports/justifications), and ensure changes follow change control and are evidence-ready for audit.
Implement secure management-plane access.
C. Firewall Engineering & Perimeter Services
Own Firewall lifecycle management: policy architecture (zone-based), object governance, NAT, VPNs (site-to-site and remote access), HA/health checks, backups, and firmware lifecycle.
Implement security controls appropriate to the environment.
Conduct quarterly firewall rule reviews (remove unused rules, reduce risk, ensure logging and justifications).
D. Monitoring, Performance & Troubleshooting (Tier-3)
Implement and tune network monitoring (e.g., PRTG/OpManager).
Perform evidence-based root cause analysis on outages and performance issues and implement preventative fixes.
Plan and deliver upgrades and optimizations (firmware, topology improvements, QoS for voice/critical traffic) with change control and post-change validation.
E. Enterprise Systems Connectivity (M365, SAP, LIMS, TrackWise)
Ensure network readiness for core systems: DNS/routing correctness, firewall allowlists, proxy paths, VPN/remote access, and capacity planning.
Collaborate with Systems Engineer and application owners during upgrades and incidents to isolate network vs system/application causes and restore service quickly.
F. DR, Audit & Documentation
Implement and test network components of the Disaster Recovery Plan: firewall restore procedures, VPN failover, alternate connectivity, DNS/routing failover, and documented runbooks.
Participate in network-related audits and lead remediation; provide evidence (configs, logs, access controls, firmware/patch posture) and track closure.
Maintain up-to-date network diagrams, as-built documentation, SOPs/runbooks, and lifecycle registers (firmware, ISP circuits, VPN inventory).
Key Performance Indicators (KPIs)
Network availability/uptime for critical services and sites.
Mean time to resolve (MTTR) for network incidents and reduction of repeat incidents.
Firewall policy hygiene: quarterly rule review completion, removal of unused/risky rules, and audit evidence quality.
IT/OT segmentation compliance: approved connectivity matrix coverage and change control adherence.
Monitoring coverage and alert quality (noise reduction, critical detection).
Minimum Qualifications & Experience
BSc in IT/Computer Science/Engineering or related field.
5+ years of network engineering experience delivering LAN/WAN/firewall solutions in production environments.
Strong hands-on experience with NG firewalls (FortiGate preferred), routing/switching, and wireless design.
Experience with network monitoring tools (e.g., PRTG, OpManager) and structured troubleshooting (RCA).
Certifications (Preferred)
· CCNA/CCNP or equivalent networking certifications.
· Fortinet certifications (NSE/FCP/Fortinet Firewall) – strong advantage.
· ITIL Foundation – advantage; security training/certification – advantage.
How to Apply
Interested persons who meet the above requirements should hand deliver or email their applications and resumes with supporting documents, with the “Role Name” as the subject to the Qcil Front Desk, or recruitment@qcil.com.
Deadline for receiving applications: Friday 13th February 2026
Only short-listed candidates will be contacted. Qcil is an equal opportunity employer and therefore lobbying for the above position will lead to automatic disqualification.
SYSTEMS ENGINEER (Cybersecurity & Infrastructure)
Job Summary:
The Systems Engineer (Cybersecurity & Infrastructure) is a senior technical role responsible for designing, securing, and governing QCIL’s server and platform environment. The incumbent will lead infrastructure architecture, virtualization (VMware), enterprise application platform readiness (Microsoft 365, SAP, LIMS, TrackWise), and system security controls required to protect GxP/GMP environments. This role owns standards, technical governance, and disaster recovery design, while the Systems Administrator executes approved operational workstreams.
Reporting Line:
Reports to: Head of IT
Works closely with: Network Engineer (FortiGate / segmentation), OT stakeholders, Application owners, Vendors
Direct reports: Systems Administrator (Infrastructure & Applications)
Primary Objectives (What success looks like)
Secure, stable, and scalable server and platform environment with measurable availability and recoverability.
Evidence-ready controls for GxP/GMP audits (security, access, backup, DR, change control).
Reduced cyber risk through hardening, vulnerability remediation, monitoring, and privileged access control.
Predictable, documented system standards and architecture aligned to QCIL business goals.
Key Responsibilities (Technical – Detailed)
A. Infrastructure Architecture & Governance
Assess current server, virtualization, storage, identity, and application platform architecture and produce a target-state roadmap.
Define and maintain system standards: build templates, naming conventions, IP/DNS standards for servers, patching baselines, backup standards, and logging standards.
Approve system changes that affect regulated (GxP/GMP) services, ensuring documented impact assessment and rollback plans.
Ensure new technologies align with QCIL architecture and security guidelines before deployment.
B. Cybersecurity for Servers, Identity & Platforms
Own server hardening standards (Windows/Linux) and ensure alignment to recognized baselines and QCIL policies.
Lead vulnerability management for servers and core platforms: scan review, risk triage, remediation planning, and verification.
Administer and tune endpoint/server security tooling (EDR/AV policies for servers), and ensure critical servers are onboarded to SIEM/log monitoring.
Implement privileged access controls
Partner with the Network Engineer to ensure IT/OT segmentation is enforced for systems
Support incident response for system-side events.
C. Virtualization (VMware) & Platform Engineering
Own VMware design and lifecycle management.
Define VM templates, resource sizing standards, snapshot governance, and host patching schedules with controlled maintenance windows.
Design backup and recovery procedures for VMware hosts and critical VMs based on best practices.
D. Core Enterprise Systems (Microsoft 365, SAP, LIMS, TrackWise)
Lead infrastructure readiness for core platforms.
Coordinate vendor and internal technical teams during upgrades, changes, and troubleshooting of enterprise systems.
Define and maintain application dependency maps and connectivity matrices (ports/protocols) for regulated applications.
E. Backup, Disaster Recovery & Business Continuity
Own backup strategy and recovery assurance for servers, VMs, and databases: retention, encryption, monitoring, and restore testing.
Design, implement, supervise, and test QCIL’s Disaster Recovery Plan for systems.
Ensure DR documentation and evidence is audit-ready for GxP/GMP requirements.
F. Compliance, Audit & Documentation
Lead technical remediation of audit findings related to systems, access controls, patching, backups, logging, and security configuration.
Maintain architecture diagrams, as-built documentation, SOPs/runbooks, and system inventories.
Prepare monthly operational reporting: platform health, risks, vulnerability posture, backup/DR status, and improvement roadmap.
Key Performance Indicators (KPIs)
Platform availability (uptime) for critical services (AD/DNS, virtualization, core apps).
Backup success rate and restore test success rate for critical systems.
Vulnerability remediation SLA compliance (critical/high findings).
Audit findings closed within agreed timelines with evidence.
Mean time to resolve (MTTR) for system incidents and reduction of recurring issues.
Minimum Qualifications & Experience
BSc degree in IT, Computer Science, Engineering, or related field.
Minimum 5 years in Systems Administration/Engineering with demonstrated ownership of VMware and Windows Server environments.
Hands-on experience supporting enterprise platforms (Microsoft 365, SAP or similar ERP, LIMS, TrackWise or regulated quality systems).
Experience with vulnerability management and security tooling (EDR, SIEM concepts, hardening).
Certifications (Preferred)
Microsoft (e.g., Windows Server / Azure / M365) certifications.
VMware (VCP) or equivalent virtualization certification.
Security-related certification (e.g., Security+, vendor security training) – advantage.
ITIL Foundation – advantage.
Core Technical Skills
Windows Server (AD DS, GPO, DNS, DHCP), Linux administration, scripting/automation basics (PowerShell).
VMware vCenter/ESXi, HA/DRS, capacity planning, troubleshooting performance bottlenecks.
Backup and recovery tooling and methodology; DR planning and testing.
Database fundamentals (SQL Server/Postgres) including backup/restore, permissions, performance monitoring.
Security hardening, vulnerability remediation workflows, logging/monitoring concepts, and incident support.
Behavioral Competencies
Strong analytical problem-solving; evidence-based troubleshooting.
Excellent documentation discipline and change control mindset (especially for GxP systems).
Ability to communicate technical risk and options to non-technical stakeholders.
Collaborative leadership; mentoring Systems Administrator and working across teams.
How to Apply
Interested persons who meet the above requirements should hand deliver or email their applications and resumes with supporting documents, with the “Role Name” as the subject to the Qcil Front Desk, or recruitment@qcil.com.
Deadline for receiving applications: Friday 13th February 2026
Only short-listed candidates will be contacted. Qcil is an equal opportunity employer and therefore lobbying for the above position will lead to automatic disqualification.
SYSTEMS ADMINISTRATOR (Infrastructure & Applications)
Job Summary:
The Systems Administrator (Infrastructure & Applications) is responsible for day-to-day administration, monitoring, and maintenance of QCIL server and endpoint environments. The role executes operational tasks, maintenance activities, and approved changes under the governance of the Systems Engineer, ensuring availability, patch compliance, backups, and user/service support for both IT and regulated (GxP/GMP) systems.
Reporting Line:
Reports to: Systems Engineer (Cybersecurity & Infrastructure)
Works closely with: Service Desk / IT Support, Network Engineer, Application owners, Vendors
Key Responsibilities (Operational – Detailed)
A. Server & Endpoint Administration
Administer Windows/Linux servers: service health checks, scheduled maintenance, and routine troubleshooting.
Manage Active Directory operations: user and group administration, OU hygiene, password policies implementation, and access requests execution.
Execute endpoint management operations using SCCM/MEM (software deployments, imaging, compliance checks, patch rollouts where applicable).
B. Patching & Configuration Management
Perform server patching according to approved maintenance schedules; validate services post-patch and document outcomes.
Apply configuration changes that are approved and documented by the Systems Engineer (including GxP change control requirements).
Maintain accurate system inventories (assets, OS versions, application versions, warranties, licenses).
C. Monitoring, Incident Response & Escalations
Monitor systems and infrastructure alerts; respond to incidents, perform initial diagnostics, and escalate appropriately.
Collect logs and evidence required for troubleshooting (event logs, service logs, application logs) and provide structured handover notes.
Support service desk escalations (L2/L3) with clear RCA notes and preventative actions.
D. Backup Operations & Restore Testing
Operate daily/weekly backup jobs and resolve failures; notify Systems Engineer of risks.
Execute approved restore tests for critical systems and document results for audit evidence.
Maintain backup documentation, retention checks, and offsite copy verification where implemented.
E. VMware Operations (Execution)
Provision and manage VMs using approved templates and sizing standards.
Maintain snapshot hygiene (creation, monitoring, removal) and VM housekeeping tasks.
Perform operational activities in vCenter under guidance (migrations, resource adjustments, routine health checks).
F. Application & Database Operations
Provide infrastructure-level support for core systems (Microsoft 365 connectivity dependencies, SAP/LIMS/TrackWise service checks).
Perform routine database operations as assigned (backup/restore, user provisioning, basic health checks) for SQL Server/Postgres.
Coordinate with vendors for standard support tasks and provide required logs and evidence.
G. Security Operations Support
Implement security configurations and remediation actions approved by the Systems Engineer (hardening steps, patching, removing insecure services).
Support vulnerability remediation work items and maintain evidence of completion.
Monitor for security issues as directed (suspicious logins, abnormal server events) and escalate immediately.
Key Performance Indicators (KPIs)
Patch compliance rate for servers/endpoints within maintenance windows.
Backup job success rate and time-to-fix backup failures.
Incident response SLA adherence and quality of escalation notes.
Accuracy of system inventory and documentation updates.
Reduction in repeated operational issues through SOP adherence.
Minimum Qualifications & Experience
BSc degree in IT, Computer Science, or related field (or equivalent experience).
3–5 years in Systems Administration supporting Windows Server environments.
Hands-on experience with Active Directory, Group Policy, DNS/DHCP, backups, and basic virtualization operations.
Working knowledge of SCCM/MEM and basic database operations is an advantage.
Certifications (Preferred)
Microsoft certifications (Windows Server / M365) – advantage.
ITIL Foundation – advantage.
Basic security training/certification – advantage.
Behavioral Competencies
Strong operational discipline and documentation accuracy.
Customer service mindset with professional communication.
Ability to follow change control, especially in regulated environments.
Teamwork and willingness to learn from senior engineers.
How to Apply
Interested persons who meet the above requirements should hand deliver or email their applications and resumes with supporting documents, with the “Role Name” as the subject to the Qcil Front Desk, or recruitment@qcil.com.
Deadline for receiving applications: Friday 13th February 2026
Only short-listed candidates will be contacted. Qcil is an equal opportunity employer and therefore lobbying for the above position will lead to automatic disqualification.