Systems Automation Engineer

Scientific Research Corporation

Colorado Springs, CO

JOB DETAILS
SALARY
SKILLS
Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3), Amazon Web Services (AWS), Ansible, Authentication, Automation, Automation Engineering, Bash Scripting, Bootstrap, CISSP - Certified Information Systems Security Professional, Cloud Computing, CompTIA Security+, Configuration Management, Continuous Deployment/Delivery, Continuous Integration, Cost Control, DNS (Domain Name System), Data Recovery, Defense Information Systems Agency (DISA), DoD Directive 8140, DoD Directive 8570, Docker, Documentation, Failover, Firewalls, Government, Identify Issues, Information Technology & Information Systems, Linux Operating System, Load Balancing, Metrics, Multiplatform/Cross-Platform, Nessus, Network Architecture/Engineering, Network Configuration Management, Network Routing, Operational Support, PVCS (Polytron Version Control System), Performance Analysis, Performance Tuning/Optimization, Problem Solving Skills, Python Programming/Scripting Language, RPM, Red Hat Linux Operating System, Right-Sizing, Root Cause Analysis, SSL-TLS (Secure Socket Layer - Transport Layer Security), Scientific Research, Scripting (Scripting Languages), Security Assertion Markup Language (SAML), Security Clearance, Security-Enhanced Linux (SELinux), Sensitive Compartmented Information (SCI), Single Sign-On (SSO), Smartcards, Software Engineering, Software Patches, Standard Operating Procedures (SOP), Subnet, System Architecture, System Lifecycle, Systems Administration/Management, Systems Engineering, Testing, Theater Production, Top Secret Clearance, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD), User Interface/Experience (UI/UX), Vulnerability Scanners, Willing to Travel, X.509 Digital Certificate
LOCATION
Colorado Springs, CO
POSTED
30+ days ago

Salary Statement

Estimated Starting Salary Range: USD $132,250.00/Yr. - USD $220,400.00/Yr. Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.

Description

The Systems Automation Engineer architects, secures, and sustains a fully air-gapped, multi-account Kubernetes platform in AWS GovCloud, built on RHEL, RKE2, and self-managed GitLab. This role is built on an automation-first mindset infrastructure-as-code, one-shot repeatable deployments, CI/CD pipelines, and containerization to deliver highly scalable, resilient, and secure solutions in a disconnected environment. The engineer eliminates manual processes in favor of bundled, offline-reproducible deployments, embeds DevSecOps and zero-trust identity across the full system lifecycle, and operates the platform to meet NIST, RMF, STIG, and IL5/IL6/TS-SCI requirements.

Platform & Infrastructure Engineering

  • Designing, deploying, and sustaining RHEL 8/9/10 environments and RKE2 Kubernetes clusters across multiple AWS accounts and VPCs
  • Operating the cluster control plane and per-environment agent pools (dev/test/staging/prod) with node labeling, taints, and workload isolation
  • Performing hardening, patching, and performance tuning in a disconnected environment using bundled RPM delivery (no upstream repos), SELinux, and host firewalls
  • Administering platform-native core services CoreDNS, AWS Route 53, ingress/load balancing, and certificate lifecycle (cert-manager / TLS secrets)
  • Designing HA/DR and resilience multi-node control planes, automated backup/restore of stateful workloads (PVCs, GitLab, databases), and failover across availability zones

Cloud & Network Engineering

  • Architecting and managing AWS GovCloud environments (EC2, S3, EBS, VPC, IAM, Route 53) across multiple accounts with cross-account roles, key pairs, and AMI strategy
  • Designing secure, scalable multi-VPC network architectures Transit Gateway meshes, subnets, routing, and CIDR-based security-group rules (cross-VPC SG references are not available in GovCloud)
  • Implementing all infrastructure as code with Terraform (reusable per-VPC modules, cross-account providers, programmatically rendered variables)
  • Standing up and operating an in-environment OCI/container registry and bootstrap services for offline image distribution
  • Optimizing cloud cost, performance, and availability through right-sizing, repeatable destroy/redeploy, and monitoring

DevSecOps & GitLab Platform

  • Building and sustaining CI/CD pipelines on self-managed GitLab EE, including version-ladder upgrades, the container registry, and auto-registered Kubernetes runners
  • Integrating DevSecOps container/image CVE scanning (e.g., Trivy, Grype, Clair), secrets management, and policy/gating in pipelines
  • Operating container build and delivery tooling (Docker/podman, kaniko, Helm) with helm-template-derived, air-gap-reproducible image bundles
  • Implementing GitOps delivery with ArgoCD (pull-based, per-app Applications, environment promotion and prod gating)

Automation & Air-Gap Delivery

  • Developing automation that eliminates manual intervention single-command, phase-driven deployments validated end-to-end before delivery
  • Engineering self-contained, offline deployment bundles (RPMs, OCI images, Helm charts, binaries) for reproducible installs in disconnected networks
  • Writing and maintaining automation in Ansible, Python, and Bash; automating provisioning, configuration management, and patching
  • Maintaining idempotent, resumable deploy/upgrade/teardown workflows

Identity, Security & Compliance

  • Implementing zero-trust identity and SSO with Keycloak (OIDC/SAML), federating platform services (GitLab, ArgoCD, monitoring, admin UIs) and supporting CAC/PIV X.509 smart-card authentication
  • Implementing system hardening in accordance with DISA STIGs and NIST baselines as automated, repeatable controls
  • Supporting RMF/ATO processes authoring control evidence, security documentation, POA&M items, and continuous-monitoring inputs
  • Implementing centralized logging, monitoring, and alerting (Elastic/SIEM, host/audit telemetry, and AWS-native sources where applicable)
  • Ensuring IL5/IL6/TS-SCI compliance through enforced security controls, secrets-at-rest protection, and system hardening

Observability, Operations & Support

  • Standing up and operating monitoring/observability (Prometheus, Grafana, node/cluster metrics) and vulnerability scanning (ACAS Tenable.sc/Nessus)
  • Monitoring system performance, availability, and capacity to ensure reliability and scalability
  • Troubleshooting complex, cross-component issues across the platform (networking, DNS, container runtime, registry, identity) to restore operations
  • Providing Tier III support and leading root-cause analysis to resolve issues and prevent recurrence
  • Maintaining architecture documentation, deployment guides, and standard operating procedures/runbooks

#LI-LH1

Requirements

  • Five plus years of experience in systems/infrastructure engineering with strong Linux (RHEL 8/9/10) depth
  • Five plus years of experience in DevSecOps, automation, and AWS cloud environments
  • Strong hands-on experience with AWS core services and multi-account/VPC networking
  • Production experience operating Kubernetes (RKE2 preferred) RBAC, ingress, Helm, troubleshooting
  • Experience with scripting/automation in Ansible, Python, and Bash
  • Hands-on experience with Infrastructure as Code (Terraform)
  • Experience building and sustaining CI/CD pipelines (GitLab)
  • Working knowledge of networking fundamentals (routing, host firewalls, load balancers, DNS)
  • Experience applying DISA STIG / NIST hardening and supporting RMF/ATO in DoD or regulated environments
  • Ability to obtain/maintain a security clearance consistent with IL5/IL6/TS-SCI work

Certifications:

  • Red Hat Certified System Administrator (RHCSA) or higher
  • Certified Kubernetes Administrator (CKA)
  • CompTIA Security+ (or higher, e.g., CISSP) DoD 8570/8140 baseline
  • AWS Certified Solutions Architect (Associate or Professional)

Desired Skills

  • Experience with Kubernetes (RKE2, EKS, OpenShift, NKP, Rancher Federal, or similar)
  • Knowledge of zero-trust architecture and modern identity solutions
  • Experience with HashiCorp Vault, ArgoCD, or GitOps workflows, and service mesh technologies
  • Familiarity with monitoring tools (Prometheus, Grafana)
  • Experience in DoD or regulated environments (RMF, IL5/IL6/TS-SCI)

Clearance Information

SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET / SCI LEVEL.

Travel Requirements

  • Locally within US Space Command's Colorado Springs AOR. Peterson SFB, Schriever SFB and other locations in Colorado Springs
  • Up to two weeks per month to US Space Command facilities at Redstone Arsenal, Hunstville Alabama

About Us

Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients.

SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals with amounts increasing based on role and years of service, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

EEO

Scientific Research Corporation is an equal opportunity employer that does not discriminate in employment.

All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other protected characteristic under federal, state or local law.

Scientific Research Corporation endeavors to make www.scires.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact jobs@scires.com for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

About the Company

S

Scientific Research Corporation

Scientific Research Corporation is an advanced engineering company that was founded in 1988 to provide innovative solutions to the U.S. Government, private industry, and international markets. Since its inception, SRC has continued to successfully meet em
COMPANY SIZE
2,500 to 4,999 employees
INDUSTRY
Aerospace and Defense
FOUNDED
1988
WEBSITE
http://www.scires.com