Senior Security Engineer & System Architect

Job Type

Full-time

Description

This project provides information system support for the government Public Building System (PBS) servers, networks, applications, and devices. Services include Help Desk support, installation, provisioning, patching, updates, security hardening, monitoring, and reporting on system and application performance and availability.

Summary of Major Job Functions

The Senior Security Engineer & System Architect designs, builds, and maintains secure, resilient IT infrastructures. This role serves as a technical leader translating business and mission needs into secure solutions, integrating security best practices across the full system development lifecycle. Responsibilities include system and network hardening, cloud and firewall security, risk assessments, incident response, and mentoring technical teams.

Primary Responsibilities

Senior Linux Administrator

• Administer Linux systems in enterprise and production environments (RHEL required).
• Manage core OS services including disk management, DNS, networking, and package management.
• Automate administration using Bash, Python, Perl, and configuration management tools such as Ansible, Puppet, or Chef.
• Implement CIS hardening, patching, vulnerability remediation, and STIG/RMF compliance.
• Standardize Linux server templates and support migration efforts.
• Provide Tier 3 support and participate in a 24/7 on-call rotation.
• Mentor junior administrators and collaborate with cross-functional teams on new deployments.

Senior Network Administrator

• Deploy, configure, and manage Citrix ADC (NetScaler) for load balancing, SSL offloading, and high availability.
• Manage Public Key Infrastructure (PKI) and certificate lifecycle.
• Configure virtual servers, services, and traffic flows to ensure performance and security.
• Create and maintain SOPs, MOPs, architecture diagrams, and knowledge articles.
• Lead troubleshooting and crisis response for complex network and application issues.
• Develop automation using Python or NetScaler Console (ADM).
• Demonstrate deep expertise in IPv6 implementation and design.

DevSecOps / CI/CD Pipeline Engineer

• Design, implement, and maintain security automation within DevSecOps pipelines.
• Build, maintain, and troubleshoot CI/CD pipelines using Jenkins and GitLab.
• Identify, assess, and prioritize vulnerabilities across applications and infrastructure.
• Partner with development and security teams to support remediation and continuous improvement.

Requirements

Education & Experience

• Bachelor’s degree in Computer Science or a related field.
• 5–8 years of Linux administration experience.
• 5–8 years of network engineering experience, including at least 5 years with Citrix NetScaler.
• 5–8 years of Citrix ADC (NetScaler) experience.
• Protocol experience including TCP/IP, BGP, OSPF, and SSL.
• Experience with AWS or Azure networking is a plus.
• Strong analytical, problem-solving, communication, and multi-tasking skills.
• Analyze technical needs, requirements, system designs, integrations, and operational impacts.
• Recommend and implement approved cost-cutting technologies and methods to improve efficiency and reduce PB-ITS costs.
• Lead teams and collaborate with infrastructure engineers to develop detailed designs and quality controls.
• Support implementation, tuning, optimization, maintenance, and enhancement of applications and integrations.
• Coordinate with GSA teams to ensure technical components align with Government requirements, including GSA IT CIO-IT Security-19-95.
• Plan PB-ITS system architectures, including long-term upgrades, redesigns, migrations, and modernization efforts.
• Create and maintain system designs, baselines, and implementation documentation.
• Coordinate with GSA IT teams to ensure that virtualization, backups, networking, authentication, authorization, and security functions operate optimally.
• Ensure compliance with IPv6 requirements as outlined in OMB M-21-07 and GSA IT policy.

Desired Skills & Qualifications

• AWS Cloud Engineer with experience designing and managing scalable, secure AWS infrastructure, including IaC and disaster recovery.
• IBM App Connect Professional (ACP) experience in installing, upgrading, and deploying integration solutions.
• IBM App Connect experience in configuring integration nodes and servers.
• Kubernetes and container engineering experience in on-premise and cloud environments.

Certifications ( At least two of the following professional certifications: )

• RHCSA, RHCE, or CompTIA Linux+
• Certified DevSecOps Professional
• IBM Certified Administrator – App Connect Enterprise
• Citrix Certified Professional/Expert – Networking (CCP-N / CCE-N)
• CCNP Security or CCIE
• AWS Certified Solutions Architect – Associate
• AWS Certified SysOps Administrator
• AWS Certified DevOps Engineer – Professional

Additional Information

• To meet the clearance requirements for this opportunity, candidates must be authorized to work in the US
• All candidates will be subject to a complete background check, including, but not limited to, Criminal History, Education Verification, Professional Certification Verification, Verification of Previous Employment, and Credit History.
• Public Trust background investigations can take approximately four to eight weeks and require fingerprinting.

Other Information

• The salary for this position is $80,000 - $124,000 annually
• For information on SFI's benefits, please visit http://www.spatialfront.com/pages/career.html
• This is a full-time W2 position.
• Please no agencies, third parties, or Corp-to-corp.
• Spatial Front Inc. is an Equal-opportunity Employer; all qualified applicants will receive consideration for employment.
• Spatial Front Inc. participates in E-Verify.

Salary Description

$80,000 - $124,000 Annually