IT System Engineer-NIGC
CTI, Inc.
Falls Church, United States of America
yesterday
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
IntermediateJob location
Falls Church, United States of America
Tech stack
Microsoft Windows
Microsoft Active Directory
Active Directory Federation Services
Domain Controllers
Amazon Web Services (AWS)
Amazon Web Services (AWS)
Amazon Web Services (AWS)
Amazon Web Services (AWS)
Apache HTTP Server
Server Applications
Backup Devices
Bash
BIOS
Command-Line Interface
Databases
Data Centers
Data Deduplication
Linux
Disaster Recovery
RAID
DNS
Middleware
VMware ESX Servers
Firmware
Monitoring of Systems
Identity and Access Management
IIS
Subnetting
Virtual Private Networks (VPN)
Job Scheduling
Linux Servers
Microsoft SQL Server
Windows Server
MySQL
NT File System (NTFS)
Oracle
Performance Tuning
Powershell
Role-Based Access Control
Remote Access Technology
Shell Script
Virtual Machines
Virtualization Technology
vSphere
Software Vulnerability Management
Web Services
S3 Bucket
Helios
Amazon Web Services (AWS)
Amazon Web Services (AWS)
Information Technology
Bare Metal
Patch Management
Data Management
Route53
3-tier Architectures
Functional Programming
Cloudwatch
Network Server
VMware
Job description
We are seeking a System Administrator for IMMEDIATE HIRE to support our NIGC contract. The System Administrator is responsible for the end-to-end operational integrity of all servers in the Federal Government Agency 's ecosystem - on-premises, virtual, and cloud-based (AWS) - as well as the Agency's Active Directory infrastructure, storage systems, and backup and recovery operations. This individual serves as the highest-level escalation point for Windows/Linux server, storage, and systems incidents., Server Operations & Maintenance
- Maintain operational integrity of all physical Dell servers, Windows and Linux virtual machines, and VMware ESXi hosts managed by vCenter across the Agency's on-premises and AWS environments.
- Perform OS patching, firmware and BIOS updates, storage capacity monitoring, SSL certificate renewals, and critical service restarts in accordance with Agency-approved patch management schedules.
- Execute server baseline image development, licensing validation, Sysprep, and driver injection for Windows and Linux; maintain and update images in compliance with the Agency's Standard Operating Environment (SOE).
- Deploy physical and virtual servers including rack-and-stack, RAID configuration, iDRAC/ILO setup, OS installation, VPC/subnet assignment, EBS volume attachment, and post-deployment hardening.
- Provide immediate notification to the CIO and MSSP security team in the event of any security incident requiring server isolation, including execution of incident response protocols aligned with NIST 800-53.
Active Directory & Identity Management
- Maintain health and integrity of the Agency's Active Directory infrastructure including three Read/Write and two Read-Only domain controllers (Main Agency), and two Read/Write Facilities controllers; verify FSMO role health, DC replication, SYSVOL integrity, and DNS/SRV record validation.
- Develop and maintain Group Policy Objects (GPOs) for all Windows devices (on-premises and AWS), including GPO lifecycle management, conflict/inheritance optimization, and security auditing via GPMC and GPResult.
- Enforce a tiered administrative model with Role-Based Access Control (RBAC) mapping, privileged account de-provisioning, and monthly Domain Admin/Enterprise Admin membership audits.
- Manage Active Directory monitoring for real-time object lifecycle tracking and privileged membership change alerting; produce automated daily CIO compliance reports via ADAudit Plus.
AWS Cloud Operations
- Provide operational management and performance optimization of the Agency's AWS environment, including EC2 instances (Amazon Linux and Windows), RDS (MySQL and MS-SQL), S3, Glacier, CloudFront CDN, VPCs, and AWS service connectivity to third-party providers.
- Execute instance lifecycle management including patching, scaling, S3 bucket policy management (non-security), Route 53 DNS records, VPC routing, Lambda monitoring, and CloudWatch-based proactive performance remediation.
- Perform IAM execution (adding/removing users per approved requests) and account hygiene; coordinate with the Agency CISO on security tooling (GuardDuty, Security Hub, CloudTrail) at the direction of Agency security staff.
- Administer ADFS infrastructure and Windows Active Directory integration with AWS identity services.
Backup, Recovery & Storage
- Administer and monitor the Agency's backup environment using Cohesity Helios, including job scheduling, deduplication, retention policy management, offsite synchronization, and daily success/failure review.
- Execute file-level recovery (FLR), database and application object restores, instant VM recovery, and point-in-time rollbacks upon request; lead annual Disaster Recovery (DR) and Bare Metal Recovery (BMR) exercises.
- Monitor and maintain Dell PowerScale NAS, Dell Unity Unified Hybrid Storage Arrays, QNAP devices, LibSafe/LibData preservation storage, and EVO Media Storage systems, using OneFS and management consoles.
- Enforce least-privilege access controls on all storage systems, including iSCSI target/initiator mapping, RBAC implementation, ACL auditing, and CIO security posture reporting.
Database & Application Server Support
- Provide operational support for Microsoft SQL Server clusters, MySQL, and Oracle database servers, including OS-level patching, SSL certificate and domain renewal management, and third-party vendor update execution.
- Act as technical lead on third-party vendor calls; manage vendor remote access/VPN sessions; maintain middleware and web services (IIS, Apache) for Agency-hosted applications.
- Manage shared drive architecture, NTFS/NFS permissions, security group-based ACL enforcement, and recursive folder permission auditing across the Agency's file share environment.
Requirements
- Minimum 7 years of experience in enterprise systems administration with at least 3 years at a Tier 3 / senior engineer level.
- Expert-level proficiency in both Linux and Windows Server administration, including advanced command-line troubleshooting and shell scripting (Bash and PowerShell).
- Hands-on experience with VMware vSphere/vCenter, including ESXi host management, VM lifecycle, and snapshot operations.
- AWS SysOps Administrator-level proficiency; experience managing EC2, RDS, S3, Glacier, CloudFront, VPC, Route 53, Lambda, and CloudWatch in a production environment.
- Experience with Dell PowerScale (OneFS), Cohesity Helios, or equivalent enterprise storage and backup platforms.
- Active Directory architecture and administration expertise, including GPO management, FSMO roles, DC replication, and ADAudit Plus or equivalent monitoring tools.
- Familiarity with NIST 800-53 security controls and their application to server baseline hardening and vulnerability remediation.
- Must be eligible for and obtain a Agency suitability clearance (background investigation and annual re-badging)., * AWS Certified SysOps Administrator - Associate or higher.
- Microsoft Certified: Windows Server Hybrid Administrator Associate or equivalent.
- VMware Certified Professional (VCP) - Data Center Virtualization.
- Experience in a federal government or cultural institution IT environment.