SAIC is seeking a skilled and motivated Mid-Level Infrastructure Engineer with a strong background in Windows environments, Infrastructure as Code (IaC), and configuration management. The DevSecOps Engineer will play a pivotal role in maintaining preexisting IL5 environments through production and will collaborate with cross-functional teams to deploy secure, resilient, and scalable infrastructure, applications, and pipelines.
Responsibilities:
- Deploy, configure, maintain, and troubleshoot Active Directory (AD) and Domain Controller (DC) environments in a hybrid or on-premise Windows environment
- Maintain the integrity and security of AD forests, domains, and trusted environments
- Harden Active Directory and Domain Controller configurations following DoD STIG compliance and industry best practices
- Manage Group Policy Objects (GPOs) and enforce security policies using tailored configurations
- Ensure monitoring, logging, and auditing capabilities are in place to track AD/Domain Controller performance and security
- Ensure security best practices, including Role-Based Access Control (RBAC), namespace isolation, and secure ingress/egress traffic configurations
- Create AWS AMI for Windows Servers using Packer, Ansible, and powershell
- Work within a secure, air-gapped IL5 environment and implement robust processes to ensure compliance with DoD or other regulatory frameworks
- Implement and ensure the security and availability of Windows and Linux systems, including patch management, vulnerability assessments, and compliance with organizational policies
- Automate recurring tasks using scripting tools like PowerShell, Ansible, Python, Bash or Powershell to improve operational efficiency
- Troubleshoot issues within Windows (file systems, network connectivity, performance, and authentication)
- Plan and execute upgrades, migrations, and installations for both Windows and Linux systems
- Collaborate with cross-functional teams to ensure systems integration and operational effectiveness
- Develop and deliver technical documentation, including CI/CD pipeline configurations, workflow processes, and build instructions
Requirements:
- Technical Education/Clearance
- Must have BS Degree with (6) six years of experience
- Security+ Certification
- Must have an active Secret Clearance
- Strong knowledge of Active Directory architecture, including replication, forests, and domains
- Proficiency with Windows Server administration, roles, and features
- Comprehensive Understanding with security frameworks, such as NIST or ISO, and their application in AD/DC environments
- Experience in integrating authentication/SSO identity solutions including but not limited to Keycloak, Active Directory, SAML integration with SSO in tools, RBAC best practices within AD
- Proficiency with GitLab CI/CD and Git-based workflows to version control and orchestrate pipelines
- Knowledge and experience working in secure environments, specifically Impact Level 6 (IL6) or similarly controlled environments, with a strong understanding of DoD or equivalent compliance frameworks
- Proficiency in tools for security automation: Image Scanning Tools (e.g., Anchore), Static Code Analysis Tools (e.g., SonarQube), Software Signing Tools (e.g., Cosign) for image and binary integrity verification
- Hands-on experience with container hardening and vulnerability remediation
- Strong scripting and automation skills for automating configuration, build, and deployment processes
- Proficiency with Infrastructure as Code (IaC) tools like Terraform, Helm, or Ansible for provisioning and managing secure environments
- Ability to effectively communicate complex technical concepts to developers, security teams, and stakeholders
- Proven experience collaborating in multidisciplinary teams within Agile or DevSecOps methodologies