Linux OS Engineer
TekSynap · Montgomery County, MD · 1 mo ago
Information Technology$100k–$130k/yrFull-time
About the role
The Linux OS Engineer is responsible for deploying, administering, and maintaining RHEL/CentOS/Rocky and Ubuntu servers in both dev/test/prod environments. Responsibilities include implementing standard OS baselines, managing patching and kernel updates, and enforcing configuration drift control through automation.
Responsibilities
- Deploy and administer RHEL/CentOS/Rocky and Ubuntu servers (physical and virtual).
- Implement standard OS baselines, golden images, and immutable patterns (e.g., image pipelines, templates, kickstart/preseed, cloud-init).
- Manage patching and kernel updates with maintenance windows and rollback plans; validate health post-change.
- Build and maintain automation using Ansible, Bash, and Python to enforce configuration drift control and speed delivery.
- Integrate configuration policies with CI/CD workflows and version control; write idempotent playbooks/roles.
- Apply and maintain DoD STIG/hardening controls; remediate findings from vulnerability scans; maintain audit artifacts.
- Implement/validate FIPS, SELinux, disk encryption, log forwarding, and secure remote access; support ATO evidence.
- Design and operate logging/metrics/alerting (e.g., journald/rsyslog, auditd, Prometheus/Grafana/ELK) with actionable Service Level Objectives (SLOs).
- Troubleshoot OS, storage, and network performance (I/O, CPU, memory, TCP/IP) using system profiling tools.
- Support clustering and HA patterns (Pacemaker/Corosync, systemd units, load balancers); document and test DR/backup restore.
- Provide Tier 3 escalation; create runbooks/SOPs; participate in on-call rotations as needed.
- Collaborate with cybersecurity, network, storage, and application owners to deliver end-to-end outcomes.
Qualifications
- Active TS/SCI + CI Poly clearance
- 5–7 years of professional experience administering Linux in enterprise or government environments (or equivalent combination of education/experience suitable for mid level).
- One of the following DoD 8570/ CS-NET-451 certifications: Security+, RHCSA/RHCE, CKA.
- Strong proficiency with RHEL-family and Debian/Ubuntu administration, system services, and package managers (dnf/yum/apt).
- Hands-on with Ansible and scripting (Bash, Python) for automation and compliance.
- Demonstrated experience applying STIG/hardening and working within secure change-controlled environments.
- Solid troubleshooting across compute, network, and storage layers; familiarity with virtualization (VMware/KVM) and ticketing/ITSM workflows.
- Ability to create and maintain SOPs, runbooks, and architecture diagrams supporting audits and operations.
Desired Qualifications
- Experience with RHEL Satellite/Foreman, Kickstart, IdM/FreeIPA/AD integration, and secrets management (e.g., HashiCorp Vault).
- Exposure to container runtimes (Podman/Docker), Kubernetes (RKE/AKS/OpenShift), and hardened container images.
- Infrastructure-as-Code (Terraform), cloud (AWS/Azure/Gov zones), and registry/artifact management.
- Monitoring stacks (Prometheus/Grafana, ELK/OpenSearch) and SIEM integrations.
- SSCP CySA + GSEC CASP+ CISSP Red Hat Ansible Automation certification, Kubernetes certification.