We are seeking a senior-level automation engineer to design and build fully automated Windows-based enterprise environments using Infrastructure as Code principles. This role operates within a highly controlled, air-gapped enterprise environment and requires proven experience engineering and automating systems in isolated networks with no direct internet connectivity. The position is responsible for eliminating manual server builds and delivering repeatable, configuration-driven domain deployments across multiple environments. You will collaborate closely with senior-level Windows and Nutanix systems engineers within an established enterprise platform to modernize and standardize infrastructure delivery inside a secure, disconnected architecture. This is not a traditional system administration position. We are seeking a builder-someone who replaces manual processes with code, designs repeatable infrastructure patterns, and thinks in terms of declarative configuration rather than server-by-server management, specifically within constrained and isolated environments. This is a high-impact engineering role with significant architectural influence over enterprise platform strategy in a secure, air-gapped environment. Responsibilities: - Architect and implement fully automated Windows domain deployments in an air-gapped infrastructure - Build reusable PowerShell Desired State Configuration (DSC) frameworks for disconnected networks - Design configuration-driven provisioning of Active Directory Domain Controllers, PKI/ADCS, Exchange, file, print, and application servers - Engineer automation solutions that do not rely on public repositories or internet-based package management - Partner with senior Windows and virtualization engineers to integrate automation into existing enterprise platforms - Implement Git-based configuration management within isolated repositories - Design automation for multi-domain, multi-tenant, and segmented environments - Eliminate configuration drift using declarative tooling - Develop standardized infrastructure blueprints deployable on demand - Integrate secure credential vaulting into automation workflows Required Qualifications: - Clearance: Must have a Top Secret/SCI w/Poly to be considered - Must have a Bachelor's degree and at least 12 years of experience OR a Master's degree and at least 10 years of prior relevant experience preferred OR 16 years of relevant career experience in lieu of degree. e - Demonstrated experience designing and operating automation within air-gapped or fully disconnected environments - Expert-level PowerShell development (modular, reusable, testable code) - Deep experience with PowerShell Desired State Configuration (DSC) - Strong Infrastructure as Code (IaC) experience in Windows environments - Advanced Active Directory architecture and automation experience - Experience automating enterprise Windows Server deployments - Experience with virtualization platform APIs (e.g., Nutanix, VMware,) - Experience implementing configuration drift detection and remediation - Strong understanding of secure automation, artifact management, and least-privilege design Preferred Qualifications: - Experience building internal artifact repositories for disconnected environments - Automation of multi-tenant or networks - Enterprise-scale configuration management strategy development - Building golden images - Experience designing automation supply chains for restricted networks What Success Looks Like: - A new domain can be deployed by supplying configuration data (name, users, roles) - Infrastructure builds are repeatable and version-controlled inside isolated repositories - Server configuration drift is automatically remediated - New environments can be provisioned in hours instead of weeks - Automation operates fully within air-gapped constraints without external dependencies You will be required to pass both a customer required and administered medical and psychological screening, as a condition of employment