Infrastructure Engineer
Role details
Job location
Tech stack
Job description
We are seeking a high-level Infrastructure Expert to design, deploy, and manage a secure, scalable cloud ecosystem. You will be responsible for building the backbone of our Virtual Desktop Infrastructure (VDI). Your primary mission is to ensure 99.99% uptime, automated data redundancy, and seamless client-server communication in a Linux-heavy environment., Virtualization Mastery: Design and manage Virtual Machine (VM) clusters using KVM, QEMU, Proxmox, or VMware ESXi. Virtual Desktop Deployment: Build and maintain secure, low-latency Linux/Windows Virtual Desktops for remote client access. Data Integrity & Recovery: Architect automated, off-site backup solutions and Disaster Recovery (DR) protocols using tools like Restic, Bacula, or Veeam. Network Security: Implement robust firewall rules (IPTables/NFTables), Load Balancers (HAProxy), and secure VPN tunnels for client-server isolation. Automation: Use Ansible, Terraform, or SaltStack to automate the deployment of new client environments., HIPAA Technical Safeguards: Implement and maintain the "Technical Safeguards" required by HIPAA ($45 \text{ CFR } \S 164.312$), including unique user identification, emergency access procedures, and automatic log-offs. Data Encryption at Rest & Transit: Ensure all PHI (Protected Health Information) is encrypted using AES-256 at the storage level and TLS 1.3 during transmission across the client-server architecture. Audit Logging & Monitoring: Configure centralized, immutable logging (e.g., ELK Stack or Graylog) to track every access point, modification, or deletion of sensitive data for mandatory 6-year retention. Business Associate Agreement (BAA) Alignment: Architect systems that adhere to the specific security requirements outlined in our BAAs with Google Cloud and our Texas healthcare clients. Advanced Security Requirements Identity & Access Management (IAM): Implement Role-Based Access Control (RBAC) and Zero Trust Architecture to ensure the principle of "Least Privilege." Vulnerability Management: Perform regular automated vulnerability scans and coordinate with the team for rapid patching of the Linux kernel and web server binaries (CVE monitoring). Intrusion Detection: Setup and manage HIDS/NIDS (Host/Network Intrusion Detection Systems) such as Wazuh or OSSEC. Certifications (Preferred but not Mandatory) HCISPP (HealthCare Information Security and Privacy Practitioner), CompTIA Security+ or CISSP
Requirements
Do you have experience in Windows?, OS: Expert-level mastery of Windows / Ubuntu Server, CentOS/AlmaLinux, and Debian. Virtualization: Deep experience with Hypervisors and Containerization (Docker/Kubernetes is a plus). Storage: Knowledge of distributed storage solutions like Ceph or ZFS for data reliability. Networking: Strong understanding of DNS management, SSL/TLS automation, and VLAN/VXLAN for client isolation. Monitoring: Experience setting up Prometheus, Grafana, or Zabbix to predict hardware failures before they happen. The Ideal Candidate Profile Psychology: You don't just "fix" things; you build systems that don't break. You understand that in the IT business, downtime is a loss of reputation. Communication: You can explain complex "Hard IT" architecture to "Soft IT" teams and management. Experience: 5+ years in Data Center management, Cloud Service Provider (CSP) environments, or high-level Systems Administration.