Site Reliability/ Release Pipeline Engineer
Role details
Job location
Tech stack
Job description
Owns the path from local development to deployed AWS cluster across DCSA's GovCloud (IL2/IL5) and classified (IL6/Secret) partitions, and the health of those clusters. These environments are currently in IATT and working towards scale and ATO. Deliberately a single role: at current team size, build/release and run/operate are the same person's problem. Release side: CDK stacks, Flux GitOps, Helm chart authoring, Envoy Gateway routes, EKS/IRSA, container builds, GitLab CI pipeline automation, and the local-to-AWS promotion path. Run side: the observability/tracing stack, cross-service tracing, runtime health, credential rotation, incident response, and the preflight/diagnose/QA loops. This role directly supports OY2 Workstream 1 (Image Builder Pipeline - STIG-compliant AMI automation, Artifactory integration, GitLab CI deployment), Workstream 6 (Import Account Standardization - Baseline Account Pipeline, tagging compliance, centralized VPC endpoints), and the GenAI IDP deployment pipeline (deploying the IDP Solution to Customer non-production and production environments via IaC).
Requirements
3+ years of professional experience in SRE, DevOps, platform, or infrastructure engineering Experience operating Kubernetes (EKS) in production, including in DoD/IC classified environments Experience packaging and deploying applications with Helm (authoring and maintaining charts, not only consuming them) Experience with Flux (or an equivalent GitOps controller - e.g., Argo CD) driving continuous delivery of Helm releases Experience with AWS compute and managed services (e.g., EKS, RDS, S3, IAM/IRSA, EC2 Image Builder) Experience with infrastructure-as-code; TypeScript/CDK experience specifically, or demonstrated ability to work in a TypeScript IaC codebase Experience with production observability and distributed tracing (e.g., OpenTelemetry, Grafana/Tempo, or equivalent), used to diagnose failures from telemetry rather than guesswork Experience leading incident diagnosis and resolution, including identifying and confirming root cause before remediating Experience with GitLab CI/CD pipelines for build automation and deployment Proficiency in at least one scripting language (e.g., Python) for tooling and automation, Experience building STIG-compliant AMI pipelines using EC2 Image Builder with DoD security baseline validation Experience with Artifactory integration for AMI/container image distribution across AWS Organizations Experience with cross-domain solutions (AWS Diode, CDS) and SIPRNet/JWICS environments Experience with AWS Organizations, SCPs, OU design, and multi-account governance Experience with certificate lifecycle management (ACM, Private CA) and automated renewal workflows Experience deploying or operating ML/LLM-serving infrastructure (e.g., Amazon Bedrock endpoints, SageMaker, model-inference endpoints) and reasoning about token/latency/cost from traces Experience with an ECR- or registry-based GitOps model (charts/images mirrored to a registry, controller reconciling from it) Experience diagnosing failed or stuck Helm/Flux reconciliations (HelmRelease not converging, drift between desired and live state) Experience with Envoy/gateway and certificate/TLS management in classified environments Proficiency using AI coding assistants as a daily driver, with the judgment to validate their output before it reaches a cluster Bachelor's degree in Computer Science or a related field, or equivalent practical experience
Program Qualification Run an engineering practice driven by evaluation, testing, and verification - changes are proven with tests, traces, and metrics before they are called done Operate agentic systems fluently (MCP tools, Bedrock/LLM calls, streaming, distributed traces) in support of GenAI IDP document classification and field extraction workflows Work within DCSA classified environments (IL5/IL6) following DoD security baselines and STIG compliance requirements Support the GenAI IDP solution: prompt engineering, model fine-tuning, evaluation logic for document section classification and extracted field validation Use AI coding assistants heavily as daily drivers, while remaining skeptical of their output and holding it to the same evidentiary bar as any other code Current, active Top Secret security clearance Current, active Security+ or equivalent certificate for privileged user access
Benefits & conditions
Salary Range: $190,000 - $225,000 (Compensation is determined by various factors, including but not limited to location, work experience, skills, education, certifications, seniority, and business needs. This range may be modified in the future.)
Benefits: Gridiron offers a comprehensive benefits package including medical, dental, vision insurance, HSA, FSA, 401(k), disability & ADD insurance, life and pet insurance to eligible employees. Full-time and part-time employees working at least 30 hours per week on a regular basis are eligible to participate in Gridiron's benefits programs.
Gridiron IT Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status.