linux
av_tyschenko, 2021-04-05 12:07:40

How to check for backdoors after sysadmins set up a server?

What should be checked on the server after the sysadmins' work,
to prevent them from gaining access through backdoors?
The server is Hypervisor Server ESXI. It has virtual machines with ISP.


5 answer(s)
Victor Taran, 2021-04-05
@av_tyschenko

Well, all you can really check for, as far as backdoors go, is an explicit extra user with 0:0 rights.
If I needed to, you would never find my backdoor even if you know Linux very well, not to mention the opposite.
So the only way to protect yourself from the admin himself is a good relationship with him: work honestly, and that's it.

Alexander Chernykh, 2021-04-05
@sashkets

Hire another admin to check the first, then a third to check the second, a fourth to check the third, and so on through the cycle.
Doomed to pay, alas.
Or start figuring it out yourself.
But seriously, ESXi is hard to customize; there is nothing to worry about.

Saboteur, 2021-04-05
@saboteur_kiev

Artem, I wrote here so that knowledgeable people would write a mature answer on where backdoors are usually left.

A mature answer can only be given to a mature question.
If backdoors could simply be found with a couple of tips and the Internet, then why is there a whole security discipline in IT at all? Why have sysadmins and hackers been studying various technologies for decades?
The mature answer is that you will not be able to find backdoors if you are not an expert, because there can be as many as you like, anywhere. The very simplest ways to obfuscate backdoors will easily protect them from attempts to find them by a non-specialist.
In addition, it is VERY difficult even for a specialist to find backdoors where a potential attacker had administrative access.
All you can do is change all passwords and remove any SSH keys (in /home/$USER/.ssh/authorized_keys), and even then you still need to understand how to do this.
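The two concrete checks named in this thread (an extra UID-0 account and stray entries in authorized_keys) are the kind of thing a non-specialist can at least enumerate before deciding what to reset. The script below is an added example, not code from anyone in the thread: it reads a passwd-format file and a directory of home folders and reports both. The sample data is constructed by build_sample() in a temp directory; on a real host you would point it at /etc/passwd and at /home plus /root instead.

```shell
#!/bin/sh
# Added example, not code from the original thread. It automates the two
# checks the answers above name: accounts with UID 0 besides root, and the
# contents of every authorized_keys file. On a real host pass /etc/passwd
# and the directories holding home folders (/home and /root); here
# build_sample() creates constructed data in a temp dir instead.

# Print every account name in the passwd-format file $1 that has UID 0
# but is not "root".
find_extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print "<file> <number of keys>" for each authorized_keys file found under
# directory $1, skipping blank and comment lines when counting.
list_authorized_keys() {
    find "$1" -path '*/.ssh/authorized_keys' -type f 2>/dev/null | sort |
    while read -r f; do
        n=$(grep -cEv '^[[:space:]]*(#|$)' "$f" || true)
        printf '%s %s\n' "$f" "$n"
    done
}

# Build constructed sample data: a passwd file with a second UID-0 account
# and three home directories, two of which carry authorized_keys files.
build_sample() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc:x:1001:1001:service account (constructed):/home/svc:/bin/bash
ops:x:0:0:second uid-0 account (constructed):/home/ops:/bin/bash
EOF
    mkdir -p "$dir/home/svc/.ssh" "$dir/home/ops/.ssh" "$dir/home/www/.ssh"
    printf '# laptop key\nssh-ed25519 AAAAC3constructedKey1 svc@laptop\n\nssh-ed25519 AAAAC3constructedKey2 unknown@somewhere\n' \
        > "$dir/home/svc/.ssh/authorized_keys"
    printf 'ssh-rsa AAAAB3constructedKey3 ops@old-host\n' > "$dir/home/ops/.ssh/authorized_keys"
    printf '%s\n' "$dir"
}

# Print both findings for a passwd file ($1) and a home-directory root ($2).
audit_report() {
    echo "== accounts with UID 0 other than root =="
    find_extra_uid0 "$1"
    echo "== authorized_keys files (path, key count) =="
    list_authorized_keys "$2"
}

# Demo run on the constructed sample.
sample=$(build_sample)
audit_report "$sample/passwd" "$sample/home"
rm -rf "$sample"
```

The key count alone is not the point; the file paths it prints are the list of places whose entries you then read line by line and match against the people who are actually supposed to have access, which is the "you still need to understand how to do this" part of the answer above.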

Alexey Dmitriev, 2021-04-05
@SignFinder

You need to check the host and virtual machine settings for any backdoors, unnecessary users, or incorrect or sub-optimal security-related settings. Did that answer make it easier? Can you handle it now?

CityCat4, 2021-04-05
@CityCat4

What do I need to check after the system administrators' work?

Nothing :) Well, I mean, of course you can google the most obvious things, but a well-designed backdoor, built to work under any conditions, can only be found by an admin a class above the one who installed it (and if you are that paranoid, then can't he leave a backdoor himself?).
Good backdoors are always custom, that is, designed with the specifics of the particular situation in mind :) Somewhere in the wilds of /usr/share/something-or-other, where nobody ever looks, there is a script started by a single line added to the standard launch script of a standard service; fat chance you'll find it, especially if it "sleeps" for three months so that it cannot be linked to the admin's departure :)
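The pattern described above, one line added to an otherwise standard startup script, is exactly what a file-integrity baseline is for: you cannot spot the line by reading, but you can spot that the file differs from the copy you recorded before the handover. The script below is an added example, not code from anyone in the thread. It uses POSIX cksum so it runs anywhere, and the service-script directory and its contents are constructed stand-ins for something like /etc/init.d; file paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not code from the original thread. It implements a
# baseline-and-compare check: record a checksum of every file in a directory
# before the handover, then diff a fresh snapshot against it afterwards, so a
# single line appended to a standard startup script shows up as "changed" and
# a dropped-in file shows up as "new". POSIX cksum is used so it runs without
# extra tools; the directory and file contents below are constructed stand-ins
# for something like /etc/init.d. Paths are assumed to contain no spaces.

# Print "crc size path" for every regular file under $1, sorted by path.
snapshot() {
    find "$1" -type f | sort | while read -r f; do cksum "$f"; done
}

# Compare the saved baseline file $1 against a fresh snapshot of directory $2.
# Print "changed <path>" when crc or size differ and "new <path>" for files
# absent from the baseline. Prints nothing when everything matches.
changed_since() {
    snapshot "$2" | awk -v base="$1" '
        BEGIN {
            while ((getline line < base) > 0) {
                split(line, a, " ")
                seen[a[3]] = a[1] " " a[2]
            }
        }
        !($3 in seen)            { print "new     " $3; next }
        seen[$3] != ($1 " " $2)  { print "changed " $3 }
    '
}

# Build a constructed stand-in for a service-script directory.
build_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/init.d"
    printf '#!/bin/sh\n# start the web server\nexec /usr/sbin/httpd\n' > "$dir/init.d/httpd"
    printf '#!/bin/sh\nexec /usr/sbin/sshd -D\n' > "$dir/init.d/sshd"
    printf '%s\n' "$dir"
}

# Demo: take the baseline, then simulate one appended line and one new file
# and show that only those two paths are reported.
sample=$(build_sample)
baseline=$(mktemp)
snapshot "$sample/init.d" > "$baseline"
printf '# constructed post-handover modification\n' >> "$sample/init.d/httpd"
printf '#!/bin/sh\n' > "$sample/init.d/extra"
changed_since "$baseline" "$sample/init.d"
rm -rf "$sample" "$baseline"
```

The baseline has to be taken before the work and stored somewhere the admin cannot reach (or at least somewhere whose own checksum you keep separately), otherwise the comparison proves nothing. It also does nothing about the "sleep for three months" part: the change is visible from day one, but only if someone actually runs the comparison, so it belongs in a scheduled job rather than a one-off check.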
