Cloud Engineer

The Application Vulnerability Assessment Program (AVAP) Engineer is responsible for operating and securing the program’s application security platforms, including OpenText Fortify, OWASP Dependency-Track, and any future application security tools, deployed in containerized and virtualized environments within Azure Kubernetes Service (AKS). This role manages Kubernetes-based infrastructure (AKS), container image pipelines, and automation through Infrastructure-as-Code and CI/CD (Azure DevOps) to ensure resilient, scalable, and compliant deployments. The engineer will perform system administration for both Windows and Linux environments, enforce security and compliance requirements aligned to federal standards, and maintain runbooks, SOPs, and metrics to support operational excellence. In addition, the role supports AVAP customers by troubleshooting platform issues to minimize downtime and ensure mission-critical vulnerability assessment services remain highly available.

Key Responsibilities:

• Design, deploy, and maintain secure, scalable, and resilient cloud infrastructure in Azure such as Azure Key Vault, Azure SQL Server, Azure SQL DB, Azure Kubernetes Service (AKS), etc.
• Operate and administer Kubernetes clusters (AKS) including node pools, networking, persistent volumes, ingress controllers, secrets management, access control, namespaces, etc.
• Manage container image lifecycle and updates by pull hardened images (i.e., Iron Bank), scan for vulnerabilities, enforce least-privilege configurations, and publish to ACR.
• Perform regular server administration tasks including patching, user provisioning, system monitoring, and backup/restoration.
• Automate deployments of infrastructure and applications using Azure DevOps or equivalent CI/CD pipelines with ARM/Bicep/Terraform and Helm.
• Implement and enforce security/compliance controls aligned to NIST SP 800-53 and Zero Trust (i.e., key vault integration, secret management, TLS cert rotation).
• Develop and maintain operational runbooks, playbooks, SOPs, and system/network architecture diagrams to ensure repeatability and continuous system documentation.
• Troubleshoot platform and pipeline issues across application, network, and infrastructure layers to minimize downtime for AVAP customers.

• Contribute to monitoring and metrics collection (availability, scan throughput, failure rates, license utilization) to support program-level reporting.

Required Education & Experience:

• Bachelor’s degree in Computer Science, Information Technology, or related field and 9+ years experience; Masters and 7+ years; may accept additional experience in lieu of degree.
• 3+ years of hands-on experience in system administration and DevOps engineering supporting containerized platforms/Kubernetes.
• Demonstrated expertise with Azure (preferred) and familiarity with AWS and GCP cloud services.
• Hands-on experience with Kubernetes administration (AKS), Helm, and containerization (Docker).
• Experience with system administration pertaining to SQL servers/databases, backup/restore, patching, etc.
• Experience with Infrastructure-as-Code (ARM/Bicep, Terraform, Helm) and CI/CD pipelines (Azure DevOps).
• Demonstrated experience with Terraform, Bicep, and/or ARM for infrastructure automation and immutability.
• Strong troubleshooting skills across networking, compute, and application layers.
• Familiarity with application security tools is a plus (OpenText Fortify Software Security Center, License and Infrastructure Management, OWASP Dependency Track, etc.).
• Understanding of single sign-on implementations using SAML/OIDC (management of users/groups in Okta) as well as SCIM for automatic user provisioning.
• Excellent technical writing and documentation skills.
• Ability to work within government compliance frameworks (FedRAMP, NIST, FISMA, Zero Trust).

Clearance:

• US Citizenship.
• Active Secret with the ability to obtain a Top Secret.