Systems Administrator

Description:

Maintains operation of multi-user computer systems, including coordination of infrastructure and cloud responsibilities. Develops and designs core operating system builds. Responsible for coding, virtualization, and automation of systems. Sets up administrator and service account, maintains an active directory of users and system documentation, tunes system performance, installs system-wide software, and allocates mass storage space. Assesses and resolves user access problems related to security controls to minimize business impact and risk exposure. Identifies and evaluate vendor products and establishes vendor monitoring and tracking processes. Performs capacity planning and monitors/tunes systems. Recommends appropriate platforms for purchase, coordinates installation, and provides backup recovery. Serves as a point of escalation for major incidents that are unresolved at the helpdesk level. Develops and monitors policies and standards for allocation related to the use of computing resources. May draft general IT communications to end-users including notifications of outages/downtimes. May serve as the primary liaison for mergers, acquisitions, and divesture activities as it relates to user access, network, security, and support.

Background/Need:

• The Department supports two enterprise classified networks for the Laboratory. The Secret Internet Protocol Router Network (SIPRNet) is a collateral secret network that Laboratory staff use to communicate with sponsors via email and video teleconferencing. To support SIPRNet at the Laboratory ISD maintains multiple SIPRNet hubs, a Virtual Desktop Infrastructure (VDI) platform that is accessible from the hubs, all the backend network infrastructure for connectivity and several other ancillary services. ISD also supports the Enterprise Lincoln Collateral Network (ELCN). The goal of ELCN is to provide centralized services for any secret collateral network at the Laboratory that can take advantage of them. By centralizing these services, the Laboratory reduces complexity and redundancy in the environment, facilitates collaboration between the research staff and makes it easier to attain RMF compliance.

• The Classified Linux Engineer is a member of the Classified Enterprise Services (CES) Team within ISD, and they are critical to supporting both SIPR and ELCN. They are responsible for managing all aspects of our Linux infrastructure on both SIPR and ELCN. This includes building new virtual machines, ensuring those virtual machines are STIG compliant, and remediating any vulnerabilities that are found on those systems. In addition, this individual is also responsible for managing our RedHat Satellite infrastructure in both environments. This includes importing updates from the unclassified network to both classified networks, ensuring those updates are presented to the appropriate systems, patching ISD systems and working with division resources to ensure their systems are patched. Without this role the ISD CES team would not be able to maintain the Linux infrastructure that is critical to both networks. Candidates with experience in VMware vSAN, NetApp, Cohesity Backup and/or Ansible will be given preference

Other information relevant to the job requirement?

The Linux Systems Engineer will demonstrate a strong understanding of Linux operating systems including both workstation and server varieties while supporting the Laboratory s enterprise classified computing infrastructure. The ideal candidate will have a solid background with Linux to include the underlying systems and services that support them. These systems and services would include but are not limited to file sharing, Satellite, Ansible Automation Platform, multi-factor authentication, disk encryption and patching. This candidate will also possess some background with DevSecOps concepts (artifact repository, container registries, scanning and platforms, etc.) and tools (Sonatype Nexus, JFrog Artifactory, Prisma Twistlock, RHEL OpenShift, etc.) As part of this role the individual will need to demonstrate proficiency, applying STIGs (full and benchmark), understand how to use DISA s SCC Tool and STIG Viewer and how to evaluate systems for STIG compliance.

Must Have:

• Bachelor of Computer Science or relevant technical field of study
• 7 years of experience supporting RHEL 7/8 workstation and server
• 5 years of experience utilizing Satellite to support Linux systems
• 5 years of experience with bash/shell, Python and Perl scripting
• Understanding of Linux troubleshooting to include the boot process, Kickstart building, systemd, monitoring of system resources, kernel tuning, system performance troubleshooting, system calls and tracing
• Experience configuring storage for Linux systems (LVM, file systems, RAID, storage encryption, SAN, NAS and NFS)
• Package development and deployment (rpm, yum, dnf)
• Strong overall network skills (package captures, NIC latency tuning, route tables and tracing, subnetting, firewall/iptables, TCP/UDP/IP protocols)
• Ability to work independently toward delivery of goals as well as collaboration in team efforts
• Excellent customer service skills
• Excellent presentation, verbal, and written communication skills
• Demonstrate the ability to learn new technologies and disciplines quickly
• Security+ certification or the ability to obtain within 6 months of employment

Nice to Have:

• Experience utilizing Ansible Automation Platform to support Linux systems
• Experience supporting DevSecOps environments.
• Experience supporting software deployment on Linux
• Experience supporting cloud infrastructure. Preferably in classified environments but public domain experience is also beneficial
• Experience with the Cyber Operational Readiness Assessment (CORA) process and maintaining an inspection ready environment.

Clearance: This position requires active clearance. If candidates do not meet this requirement, do not submit them.

Onsite requirement: This position will be 100% onsite dedicated to supporting classified environments.

Additional Insights Based on Client Feedback:

• What the Team Is Looking For:

• Linux networking experience, including system diagnostics, packet captures, and network troubleshooting, is essential.
• Familiarity with storage technologies such as LVM, RAID, SAN, and NAS is important.

• What Will Make Someone Stand Out:

• Experience with Ansible Automation Platform (especially for managing Linux systems) is highly preferred.
• A background in DevSecOps, with experience using tools like JFrog, Nexus, RHEL OpenShift, and other relevant platforms, will give candidates an edge.
• Familiarity with cloud infrastructure, especially in classified environments, will be a plus.
• Experience working with CORA processes and maintaining an inspection-ready posture will make candidates particularly attractive for the role.

• What There s Flexibility On:

• While Red Hat Satellite experience is essential, candidates with experience using related tools (e.g., Spacewalk) may still be considered if they are willing to ramp up quickly.
• Candidates coming from non-DoD environments may still be considered, provided they have an active clearance and can adapt to working in classified spaces.