System Engineer - Mid-Level

Linux Systems Administration

• Administer, configure, harden, and maintain Red Hat Enterprise Linux (RHEL), Rocky Linux, and/or CentOS Stream server environments
• Apply and maintain DISA STIG configurations using OpenSCAP and other SCAP-compliant tooling; remediate findings from automated scans
• Manage system performance tuning, patch management (yum/dnf), software package management, and OS lifecycle operations
• Configure and manage system services, daemons, scheduled tasks, logging (rsyslog/journald), and audit frameworks (auditd)
• Provide Tier 1 and Tier 2 application support and general troubleshooting across all Linux-based systems

Security Compliance - SSP, RMF, and STIG

• Support ongoing System Security Plan (SSP) development, maintenance, and compliance activities in accordance with NIST SP 800-53 Rev 5 controls
• Conduct and document Risk Management Framework (RMF) activities including control implementation statements, POA&M tracking, and continuous monitoring
• Perform and respond to vulnerability assessments; coordinate CVE remediation and ensure timely patching
• Maintain system authorization boundaries, support A&A activities, and coordinate with the ISSO/ISSM
• Enforce DoD crypto policies including FIPS 140-2/140-3 mode configuration

STE/STN Support

• Install, configure, and maintain Secure Telephone Equipment (STE) and Secure Telephone Network (STN) infrastructure
• Coordinate STE/STN provisioning, moves, adds, and changes (MACs) with communications and security personnel
• Troubleshoot STE/STN connectivity and interoperability issues
• Maintain accurate inventory and documentation for all STE/STN endpoints

PKI, TLS, and Cryptographic Management

• Manage DoD PKI operations including certificate issuance, renewal, revocation, and trust store management
• Configure and maintain TLS/SSL for system services and applications
• Administer hardware security modules (HSMs) and software-based key management systems where deployed
• Apply and enforce system crypto policies to ensure FIPS compliance across all managed systems

Containers and Cloud Environments

• Deploy, operate, and maintain containerized workloads using Docker and/or Podman
• Administer Kubernetes or OpenShift container orchestration clusters within classified/air-gapped environments
• Manage container image pipelines including base image hardening, vulnerability scanning, and approved image registries
• Support lifecycle management of containerized applications

Virtualization

• Administer VMware vSphere/vCenter environments including ESXi host management
• Manage KVM/QEMU-based virtual environments on Linux hosts
• Coordinate capacity planning and resource optimization across virtualized infrastructure

Storage Management

• Administer NAS and SAN systems; manage LUN provisioning, zoning, and multipath I/O
• Operate and maintain Ceph distributed storage clusters
• Configure and manage LVM, RAID arrays, and filesystem operations
• Implement and verify data-at-rest encryption requirements

IP Networking and Firewall Management

• Configure and manage host-based firewalls (firewalld, iptables/nftables) on Linux systems
• Troubleshoot TCP/IP networking issues including routing, DNS, DHCP, VLAN segmentation
• Interface with network engineers on firewall rule changes and ACLs

Education: Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field. Equivalent experience may be substituted. Experience: 5+ years of system administration experience in classified or secure DoD/IC environments. Additional Required Qualifications:

• Active TS/SCI clearance with Full Scope Polygraph - must be active prior to start
• Deep hands-on Linux proficiency across RHEL, Rocky Linux, and/or CentOS
• Demonstrated experience with DISA STIGs and SCAP compliance scanning
• Working knowledge of NIST SP 800-53 controls and RMF process
• Experience with SSP development and A&A/ATO activities
• Hands-on STE/STN installation, configuration, and support experience
• Solid understanding of PKI/TLS/cryptographic standards including DoD PKI and FIPS enforcement
• Strong IP networking fundamentals and host-based firewall management
• Experience with container platforms (Docker, Podman, Kubernetes, or OpenShift)
• Experience with virtualization platforms (VMware vSphere, KVM/QEMU)
• Storage management experience with NAS, SAN, LVM, and/or distributed storage
• DoD 8140 IAT Level II compliance (Security+, CASP+, or equivalent)

Desired Skills

• Experience with Ansible, Puppet, SaltStack, or Chef
• Proficiency in Bash and Python scripting
• OpenShift Container Platform experience in classified deployments
• Experience with cross-domain solutions (CDS)
• Familiarity with DoD cloud environments (AWS GovCloud, C2S)
• Red Hat RHCSA or RHCE certification