Background 

Bamboo Village Trust (BVT) is a philanthropic financial vehicle under the Bamboo Village Initiative (BVI), established to restore degraded lands and improve rural livelihoods through bamboo-based agroforestry systems. BVT aims to scale up 200 Bamboo Villages by 2030, regenerating 400,000 hectares across the tropical belt.

As BVT expands its digital and geographic footprint, securing organizational infrastructure is critical. BVT operates a hybrid infrastructure combining Synology NAS (on-premises repository) and Microsoft SharePoint (cloud collaboration) as central data platforms. To ensure robust security, high reliability, and future scalability, BVT seeks a highly skilled IT & Network Security Specialist with deep expertise in enterprise-level system architecture and cybersecurity.

The IT & Network Security Specialist will lead the design, maintenance, and security hardening of BVT’s core IT infrastructure. This includes system optimization of NAS and SharePoint, building resilient VPN access, securing internal networks, detecting and mitigating threats, and ensuring backup integrity and data sovereignty. The Specialist will also serve as a strategic advisor to the Executive Team on matters of digital risk, infrastructure scalability, and compliance with international cybersecurity standards.

Responsibilities

1. Infrastructure & Systems Administration 
   1. Maintain and optimize Synology NAS for versioned file storage, access control, and backup integrity
   2. Manage Microsoft SharePoint as collaborative document management and workflow tool
   3. Set up and manage domain-based access, folder-level permissions, and data retention policies
   4. Configure scheduled and off-site encrypted backups for business continuity
2. Network & Cybersecurity Management 
   1. Design and maintain VPN infrastructure using L2TP/IPSec and OpenVPN for secure remote access
   2. Monitor traffic patterns, scan for unauthorized logins, and respond to intrusion attempts or anomalies
   3. Harden network and server architecture with firewalls, failover, VLAN segmentation, and port filtering
   4. Implement and manage Multi-Factor Authentication (MFA) across all critical systems
   5. Conduct routine penetration tests, vulnerability assessments, and patch audits
3. Strategic System Security Architecture 
   1. Architect and implement Zero Trust Network Access (ZTNA) principles across BVT systems
   2. Integrate SSL/TLS encryption, IP whitelisting, and SFTP/FTPS protocols for sensitive data transmission
   3. Lead transition to hybrid-cloud backup strategy (e.g., Synology + Azure/OneDrive backup integration)
   4. Recommend and deploy SIEM (Security Information and Event Management) tools where needed
   5. Establish network monitoring dashboards and system alerting protocols
4. Endpoint & Device Security 
   1. Enforce device-level security across all staff laptops and mobile devices using MDM, antivirus, and secure access protocols
   2. Monitor and manage device compliance with organizational IT policies
   3. Ensure mobile work infrastructure is encrypted, traceable, and resilient
5. Governance & Capacity Building 
   1. Develop IT governance policies aligned with ISO 27001, GDPR, and global donor compliance
   2. Prepare incident response playbooks and escalation protocols for internal IT team
   3. Train staff on secure IT practices including device control, phishing awareness, and password hygiene
   4. Maintain asset registry and access logs to ensure full traceability and accountability

Qualifications

• Bachelor’s degree in Information Technology, Network Engineering, Cybersecurity, or related field
• Minimum 5 years of professional experience in enterprise network/system security
• Hands-on expertise in:
  • Synology DSM: LDAP, File Station, Snapshot Replication, Hyper Backup
  • Microsoft 365 & SharePoint Admin Center: Permission Management, Conditional Access
  • VPN: L2TP/IPSec, OpenVPN, port forwarding, and dynamic DNS setup
  • Router/Firewall: Mikrotik, Ubiquiti, or equivalent with VLAN and IPS/IDS support
  • Linux & macOS Terminal-based system diagnostics
• Advanced knowledge of TLS certificates, MFA enforcement, group policy, and audit trails
• Familiarity with SIEM, endpoint protection, and encrypted offsite storage
• Deep and comprehensive understanding of the entire Microsoft 365 ecosystem, including administration, security configuration, Power Platform (Power Automate, Power Apps), Exchange, Teams, OneDrive, SharePoint, Intune, and compliance center integrations.
• Experience working in an NGO or mission-driven organization with global collaboration
• Fluent in English and Bahasa Indonesia with excellent documentation skills

Key Deliverables

• Fully operational and secured Synology NAS and SharePoint environments
• Active VPN system with access control, traffic logs, and IP management
• Comprehensive data backup strategy (onsite + cloud-based, encrypted)
• IT Governance Manual, SOPs, and compliance checklists
• Staff training modules on secure access and data protection
• Monthly system health & threat monitoring report