Job Type
Full-time
Description
ALEX is seeking an experienced Linux-focused System Administrator (Level 2) to support a mission-critical program within the Intelligence Community at Fort Meade, MD. This is an on-site position in a Sensitive Compartmented Information Facility (SCIF) environment. The successful candidate will be responsible for the day-to-day administration, security compliance, and operational health of complex Linux-based infrastructure spanning virtualized environments, container platforms, and classified networked systems.
The SA Level 2 operates with a high degree of independence and serves as a technical authority on Linux systems engineering, PKI/cryptographic policy enforcement, storage management, IP networking, and security compliance. This role carries significant responsibility for System Security Plan (SSP) maintenance, STIG implementation, and supporting Secure Telephone Equipment/Network (STE/STN) infrastructure within a heavily regulated RMF/NIST framework.
Key ResponsibilitiesLinux Systems Administration- Administer, configure, harden, and maintain Red Hat Enterprise Linux (RHEL), Rocky Linux, and/or CentOS Stream server environments.
- Apply and maintain DISA STIG configurations using OpenSCAP and other SCAP-compliant tooling; remediate findings from automated scans.
- Manage system performance tuning, patch management (yum/dnf), software package management, and OS lifecycle operations.
- Configure and manage system services, daemons, scheduled tasks, logging (rsyslog/journald), and audit frameworks (auditd)
- Provide Tier 1 and Tier 2 application support and general troubleshooting across all Linux-based systems.
Compliance - SSP, RMF, and STIG- Support ongoing System Security Plan (SSP) development, maintenance, and compliance activities in accordance with NIST SP 800-53 Rev 5 controls.
- Conduct and document Risk Management Framework (RMF) activities including control implementation statements, POA&M tracking, and continuous monitoring.
- Perform and respond to vulnerability assessments; coordinate CVE remediation and ensure timely patching.
- Maintain system authorization boundaries, support A&A activities, and coordinate with the ISSO/ISSM.
- Enforce DoD crypto policies including FIPS 140-2/140-3 mode configuration.
STE/STN Support- Install, configure, and maintain Secure Telephone Equipment (STE) and Secure Telephone Network (STN) infrastructure.
- Coordinate STE/STN provisioning, moves, adds, and changes (MACs) with communications and security personnel.
- Troubleshoot STE/STN connectivity and interoperability issues.
- Maintain accurate inventory and documentation for all STE/STN endpoints.
PKI, TLS, and Cryptographic Management- Manage DoD PKI operations including certificate issuance, renewal, revocation, and trust store management.
- Configure and maintain TLS/SSL for system services and applications.
- Administer hardware security modules (HSMs) and software-based key management systems where deployed.
- Apply and enforce system crypto policies to ensure FIPS compliance across all managed systems.
Containers and Cloud Environments- Deploy, operate, and maintain containerized workloads using Docker and/or Podman.
- Administer Kubernetes or OpenShift container orchestration clusters within classified/air-gapped environments.
- Manage container image pipelines including base image hardening, vulnerability scanning, and approved image registries.
- Support lifecycle management of containerized applications.
Virtualization- Administer VMware vSphere/vCenter environments including ESXi host management.
- Manage KVM/QEMU-based virtual environments on Linux hosts.
- Coordinate capacity planning and resource optimization across virtualized infrastructure.
Storage Management- Administer NAS and SAN systems; manage LUN provisioning, zoning, and multipath I/O.
- Operate and maintain Ceph distributed storage clusters.
- Configure and manage LVM, RAID arrays, and filesystem operations.
- Implement and verify data-at-rest encryption requirements.
IP Networking and Firewall Management- Configure and manage host-based firewalls (firewalld, iptables/nftables) on Linux systems.
- Configure and manage host-based firewalls (firewalld, iptables/nftables) on Linux systems.
- Troubleshoot TCP/IP networking issues including routing, DNS, DHCP, VLAN segmentation.
- Interface with network engineers on firewall rule changes and ACLs.
Requirements
Required Skills and Qualifications:- Deep hands-on Linux proficiency across RHEL, Rocky Linux, and/or CentOS
- Demonstrated experience with DISA STIGs and SCAP compliance scanning
- Working knowledge of NIST SP 800-53 controls and RMF process
- Experience with SSP development and A&A/ATO activities
- Hands-on STE/STN installation, configuration, and support experience
- Solid understanding of PKI/TLS/cryptographic standards including DoD PKI and FIPS enforcement
- Strong IP networking fundamentals and host-based firewall management
- Experience with container platforms (Docker, Podman, Kubernetes, or OpenShift)
- Experience with virtualization platforms (VMware vSphere, KVM/QEMU)
- Storage management experience with NAS, SAN, LVM, and/or distributed storage
- DoD 8140 IAT Level II compliance (Security+, CASP+, or equivalent)
Desired Skills- Experience with Ansible, Puppet, SaltStack, or Chef
- Proficiency in Bash and Python scripting
- OpenShift Container Platform experience in classified deployments
- Experience with cross-domain solutions (CDS)
- Familiarity with DoD cloud environments (AWS GovCloud, C2S)
- Red Hat RHCSA or RHCE certification
Experience- 5+ years of system administration experience in classified or secure DoD/IC environments.
Education- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field. Equivalent experience may be substituted.