• Ensuring system platform supports developer software tools for DoD and IC community and that developer pipeline tools are functioning and communicating in accordance with Federal, Department of Defense (DoD), and Intelligence Community (IC) policy
• Performing system administration for enterprise software applications on a regular upgrade cycle, ensure DoD users have availability for development software tools and workflow apps in a DevSecOps pipeline
• Developing and assisting design of the security interfaces, security interconnections, and the trust relationship between system components and external systems
• Implementing system security designs using commercial-off-the-shelf (COTS), government-off- the-shelf (GOTS), and open-source hardware and software
• Overseeing the hardening and configuration systems and system components in accordance with various Federal, DoD, and IC guidance
• Managing security assessments of systems and system components using industry standard automated vulnerability scanning tools
  • Vulnerability scanning tools may include Tenable Nessus and Security Content Automation Protocol (SCAP)
• Coordinating with cyber on security assessments to identify security control failures and recommend corrective actions

#LI-JC1

• Active security clearance; eligible forCSWF Level II designation
• Five or more years of experience withDevSecOps principles, including experience supporting Agile, Scrum, or Extreme Programming development teams
• Linux certification such asCompTIA Linux+,RHCSA, or equivalent experience
  • Linux system administration background is required
• One or more years of experience with CI/CD pipeline workflow management, including Git, Bash, automation practices, GitOps workflows, and cloud-native application deployment
• Experience building, deploying, and maintaining applications on containerization platforms includingDocker, Podman, Kubernetes, OpenShift, and Amazon EKS
• Hands-on experience deploying and operating applications inAWS and AWS GovCloud, including Kubernetes-based workloads, AWS networking, IAM-integrated services, storage, load balancing, and certificate management
• Experience administeringAmazon EKS clusters, including namespaces, workloads, services, ingress resources, node pools, autoscaling, storage classes, persistent volumes, and application lifecycle management
• Experience withEKS Auto Mode / Karpenter-style node lifecycle management, including node disruption controls, maintenance windows, workload rescheduling, and cluster availability considerations
• Experience usingOpenShift on AWS to manage application deployments, upgrades, route/ingress behavior, and full application lifecycles
• Experience deploying and maintaining production applications usingHelm, Kubernetes manifests, Argo CD, External Secrets, ConfigMaps, Secrets, PersistentVolumeClaims, StatefulSets, Deployments, Services, Ingress, and ServiceAccounts
• Experience managing AWS-integrated Kubernetes ingress patterns, includingAWS Load Balancer Controller, ALB/NLB configuration, path-based routing, TLS certificates, ACM certificates, DNS integration, and external-dns
• Experience supporting complex application networking across private AWS VPC networks, F5, ALB/NLB, internal DNS, public/private hostnames, NAT gateways, and controlled ingress/egress paths
• Experience configuring applications for secure outbound connectivity through AWS networking services, including NAT routing, SMTP relay access, and controlled egress through approved IP ranges
• Experience administering web server architectures, includingApache Tomcat on RHEL
• Experience with two or more of the following technologies:Git, Fortify, SonarQube, Chef, Docker, Podman, OpenShift, Kubernetes, Amazon EKS, Helm, Tekton, Argo CD, External Secrets, AWS Secrets Manager, AWS Load Balancer Controller, F5 APM
• Strong knowledge ofWindows and RHEL administration, including troubleshooting, monitoring, patching, and maintaining Linux and Windows-based environments
• Familiarity with open-source tools and utilities used to manage, monitor, and troubleshoot Linux infrastructure, Kubernetes platforms, container workloads, and networks
• Five or more years of experience administering servers, backup operations, and system monitoring in multiple complex network server environments
• Experience deploying and operating enterprise DevSecOps applications in Kubernetes/EKS environments, includingArtifactory, Keycloak, Grafana, Graylog, n8n, SonarQube, Fortify, Coverity, BDBA, SRM/CodeDx, and related platform services
• Experience with centralized logging and monitoring for Kubernetes workloads, including Filebeat/Beats, Graylog, application logs, node logs, Kubernetes metadata, pipelines, streams, and search/index configuration.
• Experience with automation tools such asPowerShell, Ansible, Bash, n8n, and ScriptRunner
• Two or more years of experience with identity and access management platforms, including Keycloak, SAML, OIDC, CAC/PIV authentication, DoD certificate-based authentication, multi-factor authentication, security policies, and zero-trust design concepts
• Experience configuring secure application authentication and authorization usingKeycloak, including realms, clients, identity providers, SAML/OIDC mappings, group claims, token lifespans, client secrets, TLS truststores, and certificate-based login flows
• Ability to troubleshoot complex production application issues across Kubernetes, AWS, Linux, networking, identity management, databases, logging platforms, and application-layer services
• Ability to work full time at the customer location in a secure area on classified systems

• Experience supporting DevSecOps platforms inDoD, classified, or highly regulated environments
• Hands-on experience operating applications inAWS GovCloud and private AWS network environments
• Experience withAmazon EKS, OpenShift, Kubernetes, Helm, GitOps, Argo CD, and cloud-native application lifecycle management
• Experience designing and supporting Kubernetes ingress and routing architectures usingALB, NLB, F5, DNS, TLS certificates, ACM, and external-dns
• Experience configuring and troubleshooting AWS networking components such as VPCs, subnets, route tables, NAT gateways, private DNS, controlled egress, and hybrid routing through enterprise network appliances
• Experience deploying stateful applications in Kubernetes using StatefulSets, PVCs, storage classes, volume expansion, backup/restore processes, and persistent storage troubleshooting
• Experience integrating applications with enterprise identity providers usingSAML, OIDC, CAC/PIV, MFA, Keycloak, and DoD PKI certificates
• Experience with platform services such asArtifactory, Graylog, Grafana, Keycloak, n8n, SonarQube, Fortify, Coverity, BDBA, and SRM/CodeDx
• Experience creating automation workflows for user provisioning, application maintenance, Keycloak administration, webhook processing, and operational support
• Experience with centralized logging, log enrichment, Kubernetes metadata parsing, Graylog streams, Graylog pipelines, and operational dashboards
• Experience managing application secrets usingAWS Secrets Manager, External Secrets Operator, Kubernetes Secrets, and GitOps-safe deployment patterns
• Experience with TLS, truststores, Java keystores, internal certificate authorities, SMTP integration, and secure application-to-application communication
• Experience troubleshooting production issues using Kubernetes/OpenShift CLI tools, pod logs, exec sessions, health endpoints, network tests, application logs, and database connectivity checks
• Experience supporting secure application hosting, reverse proxies, load balancers, certificates, and F5/APM integrations

SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT, THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS, A U.S. GOVERNMENT SECURITY CLEARANCE AT THE SECRET LEVEL

• No travel required other than working at the customer site in San Diego