AWS Cloud Engineer with Security Clearance
Seneca Resources, LLC
2024-11-06 01:42:33
salary: 160000.00 US Dollar . USD Annual
Alexandria, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Direct Hire Job Title: Cloud Engineer/System Administrator Location: US-VA-Alexandria (100% Onsite in SCIF) Clearance: Top Secret/SCI Salary: $160k End Client - US ARMY Overview:
AWS Cloud Engineer/System Administrator The AWS Cloud Engineer/System Administrator will lead and work with a team of Tier III system administrators to manage the Army Geospatial Center's (AGC) current and future cloud-based applications, including Platform as a Service (PaaS) and Software as a Service (SaaS) solutions hosted in the GovCloud (cArmy AWS IL4) environment, as well as lead the migration of data and applications. This AWS Cloud Engineer/System Administrator will also provide Tier III support for other AGC-supported on-premises systems and networks as needed, collaborate closely with the cross-functional team comprised of cybersecurity, system administrators, and desktop support to perform and report on continuous monitoring, vulnerability management and remediation, review, maintain and update security controls, POAM milestones, and compliance, ensure application of DISA quarterly STIG releases and STIG results analysis. Responsibilities: Perform system administration support and cloud engineering to support AGC's Impact Level 4 systems hosted in the GovCloud environment
Develop and maintain architecture requirements, evaluation of candidate cloud services, metrics, supporting documentation, and final reference architecture documents
Work with the IA team to obtain cloud accreditation approval under the Risk Management Framework (RMF)
Perform technical reviews of architecture and design artifacts for consistency with United States Army, DoD, and NIST policy, as well as alignment with system requirements
Install, support, and maintain hardware and software infrastructure according to best practices, industry standards, and/or customer/organizational requirements, including firewalls/security groups, servers, and storage systems
Apply appropriate Security Technical Implementation Guides (STIGs) and provide the check reports with explanations of the results in a government-approved format by DoD and apply and maintain IAVM, SARs, CTO, and other applicable directive compliance by timelines as specified
Support and maintain the operating systems, patches, upgrades, and apply Cyber Security requirements for systems
Diagnose problems, solve issues, and provide lessons learned
Implement the necessary controls and procedures to protect information systems assets from intentional or inadvertent modification, disclosure, destruction, or security compromise
Provide network and host-based security, incident response, and log collection and analysis as needed
Perform regular patches of supported systems and remediate open vulnerabilities
Assist in the development of guidelines and procedures for administration and security best practices
Monitor resource usage, anticipate problems, and suggest solutions
Manage production systems and provide higher-level technical support (Tier III) to clients when needed
Work closely with colleagues to meet team goals and improve processes and practices
Create and maintain documentation of the systems
Manage, operated, maintain, and administer Windows IIS and SQL database, bastion host firewall production, test and staging environments, including configuration, deployment, troubleshooting, and maintenance
Provide software and hardware support to the customer development team
Setup offsite disaster recovery environment
Review system and security logs and report to the team regarding incidents or potential threats to the network environment, systems, users, or infrastructure
Monitor the production environment and report any code/security-related issues to the development team
Open and close service requests and act as the primary interface with Army technical support to resolve technical problems in the GovCloud environment
Other duties as assigned Qualifications: BA or BS degree in Information Technology or similar OR
High school diploma or GED equivalent and 8+ years of related experience or an equivalent combination of education and experience may be substituted
AWS Solutions Architect certification preferred, or other similar AWS certifications are required within 90 days of hire
DoD 8140/8570.01-M Baseline IA at IAT II or higher: CCNA Security, CySA+, GICSP, GSE, Security+ CE or SSCP
Active Top Secret/SCI clearance Knowledge, Skills, and Abilities: Ability to work 100% on customer site (no telework)
AWS hands-on engineering experience and formal training in AWS cloud solutions are required
Knowledgeable in application transport and network infrastructure protocols (SSL/TLS, DNS, DHCP, NTP, SSH, HTTP/S, SMTP, and Microsoft AD), and possess an understanding of how to support these applications/protocols
Possess computing environment training or certification in any of the following: Windows Server, Next Generation Firewall, Microsoft, Red Hat, NetApp, VMware, Broadcom, or Cisco
Experience in application of DISA STIGs and SRGs, DoD, Army, and IC policies and procedures
Experience with creating POAM milestones, and compliance and ensuring application of DISA quarterly STIG releases and STIG results analysis
Ability to understand IAVAs and remediate issues as needed
Experience in building, operating, and maintaining Windows SQL Server 2019, Windows Server 2019, RHEL, and CentOS 7/8/9 servers
Configure and manage MS SQL and PostgreSQL databases and apply and/or assess database STIGs or SRG
Experience in managing Active Directory, configuring, and managing Windows Network Policy Server, configuring Group Policy Objects (GPO), applying and/or assessing operating system, web server, and web application STIGs and SRGs
Experience with AWS load balancing, fail-over, and data replication technologies
Operational experience with NIPR, SIPR, JWICS, DDTE, DREN, SDREN, AWS, AWS GovCloud (US), cArmy, milCloud, SC2S, and/or C2S
Knowledgeable with SCCM, WSUS, SHAVLIK, and other AWS security cloud tools and patching tools
Experience with NetApp storage products and cloud storage such as AWS EBS, EFS, S3, S3 IA, FSx, and Glacier
Experience with systems and data encryption
Familiarity with configuring both CISCO and Brocade Fibre Channel switches
Familiarity with DISA NIPR Cloud SRG and IL4 landing zones
Outgoing team player and self-motivated individual with excellent communication skills with the ability and desire to interact with all users and work closely with other technical staff or independently
Demonstrated ability to multi-task effectively under pressure with the ability to frequently re-assess priorities for multiple tasks or projects
Strong time management and resource management capabilities
Must have advanced working knowledge of a variety of computer software applications used with Office 365 such as MS Teams, Word, PowerPoint, Excel, Visio, Outlook, MS Project, SharePoint
Outgoing team player and self-motivated individual with excellent communication skills with the ability and desire to interact with all users and work closely with other technical staff or independently