AWS Cloud Engineer/System Administrator

---

Job description

The AWS Cloud Engineer/System Administrator will lead and work with a team of Tier III system administrators to manage the Army Geospatial Center's (AGC) current and future cloud-based applications, including Platform as a Service (PaaS) and Software as a Service (SaaS) solutions hosted in the GovCloud (cArmy AWS IL4) environment, as well as lead the migration of data and applications. This AWS Cloud Engineer/System Administrator will also provide Tier III support for other AGC-supported on-premises systems and networks as needed, collaborate closely with the cross-functional team comprised of cybersecurity, system administrators, and desktop support to perform and report on continuous monitoring, vulnerability management and remediation, review, maintain and update security controls, POAM milestones, and compliance, ensure application of DISA quarterly STIG releases and STIG results analysis.

Perform system administration support and cloud engineering to support AGC's Impact Level 4 systems hosted in the GovCloud environment

Develop and maintain architecture requirements, evaluation of candidate cloud services, metrics, supporting documentation, and final reference architecture documents

Work with the IA team to obtain cloud accreditation approval under the Risk Management Framework (RMF)

Perform technical reviews of architecture and design artifacts for consistency with United States Army, DoD, and NIST policy, as well as alignment with system requirements

Install, support, and maintain hardware and software infrastructure according to best practices, industry standards, and/or customer/organizational requirements, including firewalls/security groups, servers, and storage systems

Apply appropriate Security Technical Implementation Guides (STIGs) and provide the check reports with explanations of the results in a government-approved format by DoD and apply and maintain IAVM, SARs, CTO, and other applicable directive compliance by timelines as specified

Support and maintain the operating systems, patches, upgrades, and apply Cyber Security requirements for systems

Diagnose problems, solve issues, and provide lessons learned

Implement the necessary controls and procedures to protect information systems assets from intentional or inadvertent modification, disclosure, destruction, or security compromise

Provide network and host-based security, incident response, and log collection and analysis as needed

Perform regular patches of supported systems and remediate open vulnerabilities

Assist in the development of guidelines and procedures for administration and security best practices

Monitor resource usage, anticipate problems, and suggest solutions

Manage production systems and provide higher-level technical support (Tier III) to clients when needed

Work closely with colleagues to meet team goals and improve processes and practices

Create and maintain documentation of the systems

Manage, operated, maintain, and administer Windows IIS and SQL database, bastion host firewall production, test and staging environments, including configuration, deployment, troubleshooting, and maintenance

Provide software and hardware support to the customer development team

Setup offsite disaster recovery environment

Review system and security logs and report to the team regarding incidents or potential threats to the network environment, systems, users, or infrastructure

Monitor the production environment and report any code/security-related issues to the development team

Open and close service requests and act as the primary interface with Army technical support to resolve technical problems in the GovCloud environment

Other duties as assigned

BA or BS degree in Information Technology or similar OR

High school diploma or GED equivalent and 8+ years of related experience or an equivalent combination of education and experience may be substituted

AWS Solutions Architect certification preferred, or other similar AWS certifications are required within 90 days of hire

DoD 8140/8570.01-M Baseline IA at IAT II or higher: CCNA Security, CySA+, GICSP, GSE, Security+ CE or SSCP

Active Top Secret/SCI clearance

Knowledge, Skills, and Abilities:

Ability to work 100% on customer site (no telework)

AWS hands-on engineering experience and formal training in AWS cloud solutions are required

Knowledgeable in application transport and network infrastructure protocols (SSL/TLS, DNS, DHCP, NTP, SSH, HTTP/S, SMTP, and Microsoft AD), and possess an understanding of how to support these applications/protocols

Possess computing environment training or certification in any of the following: Windows Server, Next Generation Firewall, Microsoft, Red Hat, NetApp, VMware, Broadcom, or Cisco

Experience in application of DISA STIGs and SRGs, DoD, Army, and IC policies and procedures

Experience with creating POAM milestones, and compliance and ensuring application of DISA quarterly STIG releases and STIG results analysis

Ability to understand IAVAs and remediate issues as needed

Experience in building, operating, and maintaining Windows SQL Server 2019, Windows Server 2019, RHEL, and CentOS 7/8/9 servers

Configure and manage MS SQL and PostgreSQL databases and apply and/or assess database STIGs or SRG

Experience in managing Active Directory, configuring, and managing Windows Network Policy Server, configuring Group Policy Objects (GPO), applying and/or assessing operating system, web server, and web application STIGs and SRGs

Experience with AWS load balancing, fail-over, and data replication technologies

Operational experience with NIPR, SIPR, JWICS, DDTE, DREN, SDREN, AWS, AWS GovCloud (US), cArmy, milCloud, SC2S, and/or C2S

Knowledgeable with SCCM, WSUS, SHAVLIK, and other AWS security cloud tools and patching tools

Experience with NetApp storage products and cloud storage such as AWS EBS, EFS, S3, S3 IA, FSx, and Glacier

Experience with systems and data encryption

Familiarity with configuring both CISCO and Brocade Fibre Channel switches

Familiarity with DISA NIPR Cloud SRG and IL4 landing zones

Outgoing team player and self-motivated individual with excellent communication skills with the ability and desire to interact with all users and work closely with other technical staff or independently

Demonstrated ability to multi-task effectively under pressure with the ability to frequently re-assess priorities for multiple tasks or projects

Strong time management and resource management capabilities

Must have advanced working knowledge of a variety of computer software applications used with Office 365 such as MS Teams, Word, PowerPoint, Excel, Visio, Outlook, MS Project, SharePoint

Outgoing team player and self-motivated individual with excellent communication skills with the ability and desire to interact with all users and work closely with other technical staff or independently

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status ").

<!– job description page –>