AWS Cloud Engineer/System Administrator - Marathon TS

The AWS Cloud Engineer/System Administrator will lead and work with a team of Tier III system administrators to manage the Army Geospatial Center's (AGC) current and future cloud-based applications, including Platform as a Service (PaaS) and Software as a Service (SaaS) solutions hosted in the GovCloud (cArmy AWS IL4) environment, as well as lead the migration of data and applications. This AWS Cloud Engineer/System Administrator will also provide Tier III support for other AGC-supported on-premises systems and networks as needed, collaborate closely with the cross-functional team comprised of cybersecurity, system administrators, and desktop support to perform and report on continuous monitoring, vulnerability management and remediation, review, maintain and update security controls, POAM milestones, and compliance, ensure application of DISA quarterly STIG releases and STIG results analysis.

• Perform system administration support and cloud engineering to support AGC's Impact Level 4 systems hosted in the GovCloud environment
• Develop and maintain architecture requirements, evaluation of candidate cloud services, metrics, supporting documentation, and final reference architecture documents
• Work with the IA team to obtain cloud accreditation approval under the Risk Management Framework (RMF)
• Perform technical reviews of architecture and design artifacts for consistency with United States Army, DoD, and NIST policy, as well as alignment with system requirements
• Install, support, and maintain hardware and software infrastructure according to best practices, industry standards, and/or customer/organizational requirements, including firewalls/security groups, servers, and storage systems
• Apply appropriate Security Technical Implementation Guides (STIGs) and provide the check reports with explanations of the results in a government-approved format by DoD and apply and maintain IAVM, SARs, CTO, and other applicable directive compliance by timelines as specified
• Support and maintain the operating systems, patches, upgrades, and apply Cyber Security requirements for systems
• Diagnose problems, solve issues, and provide lessons learned
• Implement the necessary controls and procedures to protect information systems assets from intentional or inadvertent modification, disclosure, destruction, or security compromise
• Provide network and host-based security, incident response, and log collection and analysis as needed
• Perform regular patches of supported systems and remediate open vulnerabilities
• Assist in the development of guidelines and procedures for administration and security best practices
• Monitor resource usage, anticipate problems, and suggest solutions
• Manage production systems and provide higher-level technical support (Tier III) to clients when needed
• Work closely with colleagues to meet team goals and improve processes and practices
• Create and maintain documentation of the systems
• Manage, operated, maintain, and administer Windows IIS and SQL database, bastion host firewall production, test and staging environments, including configuration, deployment, troubleshooting, and maintenance
• Provide software and hardware support to the customer development team
• Setup offsite disaster recovery environment
• Review system and security logs and report to the team regarding incidents or potential threats to the network environment, systems, users, or infrastructure
• Monitor the production environment and report any code/security-related issues to the development team
• Open and close service requests and act as the primary interface with Army technical support to resolve technical problems in the GovCloud environment
• Other duties as assigned
• BA or BS degree in Information Technology or similar OR
• High school diploma or GED equivalent and 8+ years of related experience or an equivalent combination of education and experience may be substituted
• AWS Solutions Architect certification preferred, or other similar AWS certifications are required within 90 days of hire
• DoD 8140/8570.01-M Baseline IA at IAT II or higher: CCNA Security, CySA+, GICSP, GSE, Security+ CE or SSCP
• Active Top Secret/SCI clearance

• Knowledge, Skills, and Abilities:

• Ability to work 100% on customer site (no telework)
• AWS hands-on engineering experience and formal training in AWS cloud solutions are required
• Knowledgeable in application transport and network infrastructure protocols (SSL/TLS, DNS, DHCP, NTP, SSH, HTTP/S, SMTP, and Microsoft AD), and possess an understanding of how to support these applications/protocols
• Possess computing environment training or certification in any of the following: Windows Server, Next Generation Firewall, Microsoft, Red Hat, NetApp, VMware, Broadcom, or Cisco
• Experience in application of DISA STIGs and SRGs, DoD, Army, and IC policies and procedures
• Experience with creating POAM milestones, and compliance and ensuring application of DISA quarterly STIG releases and STIG results analysis
• Ability to understand IAVAs and remediate issues as needed
• Experience in building, operating, and maintaining Windows SQL Server 2019, Windows Server 2019, RHEL, and CentOS 7/8/9 servers
• Configure and manage MS SQL and PostgreSQL databases and apply and/or assess database STIGs or SRG
• Experience in managing Active Directory, configuring, and managing Windows Network Policy Server, configuring Group Policy Objects (GPO), applying and/or assessing operating system, web server, and web application STIGs and SRGs
• Experience with AWS load balancing, fail-over, and data replication technologies
• Operational experience with NIPR, SIPR, JWICS, DDTE, DREN, SDREN, AWS, AWS GovCloud (US), cArmy, milCloud, SC2S, and/or C2S
• Knowledgeable with SCCM, WSUS, SHAVLIK, and other AWS security cloud tools and patching tools
• Experience with NetApp storage products and cloud storage such as AWS EBS, EFS, S3, S3 IA, FSx, and Glacier
• Experience with systems and data encryption
• Familiarity with configuring both CISCO and Brocade Fibre Channel switches
• Familiarity with DISA NIPR Cloud SRG and IL4 landing zones
• Outgoing team player and self-motivated individual with excellent communication skills with the ability and desire to interact with all users and work closely with other technical staff or independently
• Demonstrated ability to multi-task effectively under pressure with the ability to frequently re-assess priorities for multiple tasks or projects
• Strong time management and resource management capabilities
• Must have advanced working knowledge of a variety of computer software applications used with Office 365 such as MS Teams, Word, PowerPoint, Excel, Visio, Outlook, MS Project, SharePoint
• Outgoing team player and self-motivated individual with excellent communication skills with the ability and desire to interact with all users and work closely with other technical staff or independently

#cjjobs

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status ").