Location Designation: Hybrid - 3 days per quarter

Role Summary

Own New York Life's platform operating system (OS) standards and the hardened/certified image artifacts used to build workloads across hybrid environments. This role engineers and governs standardized build paths for Linux and Windows platforms, including on-prem VM templates, AWS EC2 base images/AMIs, node images, and container base images. The engineer also owns the Terraform "golden path" modules that provision these platforms, implementing guardrails and enforcement to ensure compliant, repeatable builds at scale. Success requires strong cross-platform OS expertise, infrastructure-as-code (Terraform), image lifecycle engineering, and close partnership with ETS to execute the standard golden path across teams.

What You'll Do:

Vulnerability Management
• Research and download all patches for the Compute environment
• Test each of the patches to ensure that each patch resolves its intended vulnerability or issue.
• Bundle the vendor patches and release them to the team for non-prod deployment; be available to resolve issues before and during and after production release.
• If a critical patch is released from a vendor during or in between patch cycles, immediately research the vulnerability, test the patch and prepare it for an out of band patch cycle if necessary.

Platform OS Standards & Certified Images
• Define and maintain cross-platform OS standards for Linux and Windows (configuration baselines, hardening, packages, services, logging, time sync, and required agents).
• Engineer hardened/certified image artifacts: install/base images, on-prem VM templates, AWS AMIs for EC2, node images, and container base images.
• Coordinate certification and security sign-off for image releases (CIS-aligned hardening, approved crypto settings, certificates, and required controls).
• Maintain image versioning, release notes, and lifecycle (deprecation, end-of-support posture, and upgrade paths) with clear consumer guidance.
• Ensure that engineering, design, server build, configuration and other related documentation is present and up to date and easily retrievable

Terraform Golden Path Modules
• Own and evolve Terraform modules that implement the standard "golden path" for provisioning compliant OS platforms across environments.
• Design modules to be reusable, opinionated, and safe-by-default (networking hooks, identity integrations, logging/monitoring, secrets handling, tagging/metadata).
• Enable Git-based workflows and CI/CD for module promotion and consumption at scale (testing, validation, approvals, and rollback patterns).

Guardrails, Enforcement & Exception Workflow
• Implement and operate guardrails/enforcement to prevent drift from OS standards (policy-as-code, validations, and automated compliance checks).
• Define and run the exception workflow: intake, risk assessment, approvals, time-bound waivers, tracking, and remediation plans.
• Partner with Security, IAM, and Risk teams to ensure governance, auditability, and evidence collection for standards adoption.

Rollout Sequencing & Operations
• Plan and execute rollout sequencing for new standards and image releases (pilot → early adopters → broad rollout), minimizing operational risk.
• Operate production support for golden path platforms, including incident response, root cause analysis, and continuous improvements to reduce repeat issues.
• Establish runbooks, operational procedures, and communications for consumers and platform operators.

Monitoring & Observability
• Define and implement monitoring and dashboards for image/standard adoption, compliance status, and drift detection across Linux, Windows, EC2/AMI, and container bases.
• Integrate telemetry with enterprise monitoring to provide proactive alerting and visibility for stakeholders and operations.

Partner & Influence Across Teams (with ETS)
• Partner with technology team to execute the standard golden path at scale, aligning on implementation patterns, operational handoffs, and support models.
• Collaborate with application teams, cloud platform teams, and infrastructure engineering to onboard workloads to the golden path.
• Provide technical leadership and mentorship, driving adoption through clear documentation, training, and stakeholder engagement.

What You'll Bring:
• Experience: 7+ years engineering and operating enterprise OS platforms across Linux and Windows in mission-critical, hybrid environments.
• Golden images & provisioning: Proven expertise building and maintaining hardened/certified images (VM templates, EC2 AMIs, node images, container base images) and operating image build pipelines (e.g., Packer or equivalent).
• Infrastructure as Code: Strong Terraform skills (module design, versioning, testing, promotion) with ability to deliver opinionated "golden path" modules for broad adoption; familiarity with Ansible and automation at scale.
• Cloud & platform engineering: Working knowledge of AWS compute patterns (EC2/AMI), IAM, logging/monitoring integrations, and tagging/metadata standards; exposure to Azure/Oracle Cloud and hybrid operations.
• Guardrails & governance: Experience implementing policy-as-code guardrails (validation, drift detection, compliance scanning) and running structured exception/waiver workflows.
• Core infrastructure fundamentals: Strong grounding in networking (TCP/IP, DNS, HTTP/S), storage (SAN/NAS/local/filesystems), HA/resiliency, and virtualization (VMware/UCS).
• Operational leadership: Excellent incident/change discipline, clear communication to technical and non-technical stakeholders, and ability to partner with ETS and cross-functional teams to execute standards at scale.

How Success Will Be Measured
• Golden path adoption & standardization - higher % of Linux/Windows platforms provisioned via approved Terraform modules and certified artifacts (base images, VM templates, EC2 AMIs, node/container images), with reduced build variance and drift.
• Secure, on-time releases - predictable cadence for certified images, monthly patch readiness, and major OS releases delivered on schedule with documented hardening/approvals to meet SLAs.
• Low-incident change execution - incident-free (or materially reduced) patch/image rollouts supported by guardrails, automated enforcement, rollout sequencing, and validated testing/rollback plans.
• Vulnerability reduction - fewer Vulnerability Incident Tickets (VIT) and improved security posture through hardened standards, continuous remediation, and reduced repeat findings across Linux services and Windows workloads.
• Operational excellence - fewer platform incidents attributable to standards/images, improved MTTR via runbooks and observability, and strong ServiceNow SLA performance (tickets closed within SLA).
• Governance, exceptions & audit readiness - efficient exception workflow (clear SLAs, time-bound waivers, tracked remediation) plus complete, consistent, easily retrievable documentation/evidence for audits and quarterly reviews.

Working Model

Hybrid role based in New York, NY with periodic on-site participation for key release and change windows. Availability after-hours for critical issue engagement is expected. You'll operate under defined governance and established change procedures, partnering closely

with ETS and cross-functional teams to execute the standard golden path at scale, maintain hardened/certified image artifacts, and keep platform standards audit-ready across Linux, Windows, and AWS.

Pay Transparency

Salary Range: $90,000-$128,500

Overtime eligible: Exempt

Discretionary bonus eligible: Yes

Sales bonus eligible: No

Actual base salary will be determined based on several factors but not limited to individual's experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.