Job Description
Description
We are seeking a skilled and motivated Mid-Level Infrastructure Engineer with a strong background in Windows environments, Infrastructure as Code (IaC), and configuration management to join our team. The ideal candidate will concentrate on modernizing, upgrading, and managing Windows Server infrastructure, with a primary focus on implementing and maintaining Active Directory (AD) and Domain Controller (DC) environments. A key responsibility includes leveraging IaC and automation tools for server provisioning, patching, and configuration, while ensuring the seamless integration of Active Directory with Keycloak and implementing industry best practices and security compliance.
The DevSecOps Engineer will play a pivotal role in maintaining preexisting IL5 environments through production and will collaborate with cross-functional teams, including developers, system administrators, and cybersecurity professionals, to deploy secure, resilient, and scalable infrastructure, applications, and pipelines. This role requires hands-on experience with modern DevSecOps tools, platforms, and methodologies, including but not limited to GitLab, Flux, Kubernetes, CI/CD pipelines, Zero Trust, Active Directory, and Single Sign On tools.
Key Responsibilities
• Deploy, configure, maintain, and troubleshoot Active Directory (AD) and Domain Controller (DC) environments in a hybrid or on-premise Windows environment.
• Maintain the integrity and security of AD forests, domains, and trusted environments.
• Harden Active Directory and Domain Controller configurations following DoD STIG compliance and industry best practices.
• Manage Group Policy Objects (GPOs) and enforce security policies using tailored configurations.
• Ensure monitoring, logging, and auditing capabilities are in place to track AD/Domain Controller performance and security.
• Ensure security best practices, including Role-Based Access Control (RBAC), namespace isolation, and secure ingress/egress traffic configurations.
• Create AWS AMI for Windows Servers using Packer, Ansible, and powershell.
• Work within a secure, air-gapped IL5 environment and implement robust processes to ensure compliance with DoD or other regulatory frameworks.
• Implement and ensure the security and availability of Windows and Linux systems, including patch management, vulnerability assessments, and compliance with organizational policies.
• Automate recurring tasks using scripting tools like PowerShell, Ansible, Python, Bash or Powershell to improve operational efficiency.
• Troubleshoot issues within Windows (file systems, network connectivity, performance, and authentication).
• Plan and execute upgrades, migrations, and installations for both Windows and Linux systems.
• Collaborate with cross-functional teams to ensure systems integration and operational effectiveness.
• Develop and deliver technical documentation, including CI/CD pipeline configurations, workflow processes, and build instructions.
Position Overview
Qualifications
Required Skills and Qualifications:
• Technical Education/Clearance.
• Must have BS Degree with (6) six years of experience.
• Security+ Certification.
• Must an active Secret Clearance.
Technical Expertise:
• Strong knowledge of Active Directory architecture, including replication, forests, and domains.
• Proficiency with Windows Server administration, roles, and features.
• Comprehensive Understanding with security frameworks, such as NIST or ISO, and their application in AD/DC environments.
• Experience in integrating authentication/SSO identity solutions including but not limited to Keycloak, Active Directory, SAML integration with SSO in tools, RBAC best practices within AD.
• Proficiency with GitLab CI/CD and Git-based workflows to version control and orchestrate pipelines.
• Knowledge and experience working in secure environments, specifically Impact Level 6 (IL6) or similarly controlled environments, with a strong understanding of DoD or equivalent compliance frameworks.
• Proficiency in tools for security automation:
• Image Scanning Tools (e.g., Anchore).
• Static Code Analysis Tools (e.g., SonarQube).
• Software Signing Tools (e.g., Cosign) for image and binary integrity verification.
• Hands-on experience with container hardening and vulnerability remediation.
• Programming and Automation
• Strong scripting and automation skills for automating configuration, build, and deployment processes.
• Proficiency with Infrastructure as Code (IaC) tools like Terraform, Helm, or Ansible for provisioning and managing secure environments.
• Communication and Teamwork
• Ability to effectively communicate complex technical concepts to developers, security teams, and stakeholders.
• Proven experience collaborating in multidisciplinary teams within Agile or DevSecOps methodologies.
Target salary range: $80,001 - $120,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC accepts applications on an ongoing basis and there is no deadline.
