Clearance: Top Secret, will upgrade to SCI/Poly if required
Position Description: The Senior Systems Administrator II - Red Hat Enterprise Linux (RHEL) supports the Information Technology Operations and Maintenance (O&M) Server team to provide enterprise-level, high-performance, highly available, server technology solutions (systems, applications, and servers) as the customer’s Enterprise IT Systems, Applications, and Services catalogs. Under the guidance of the Principal Systems Administrator, the Senior Systems Administrator provides O&M support – installation, configuration, securing and hardening, testing, sustainment, upgrading, remediation, and decommissioning – as it relates to enterprise server-based solutions on the Linux server platforms across the IT enterprise’s multi-platform information system, varying in size and complexity (LAN, MAN, WAN, etc.). Existing *nix server-based solutions includes a variety of major technology vendors including, but not limited to AIS, McAfee, Microsoft, Red Hat, Splunk, Tenable, ServiceNow, and SolarWinds. The majority of enterprise services hosted on Linux distributions are running on Red Hat Enterprise Linux (RHEL). The Senior Systems Administrator supports the mid-level internal escalation tier(s) for the Server O&M team providing troubleshooting support and guidance to assess and remediate challenges in the Server system, Application, and Services in a timely manner that arise. The Senior Systems Administrator also contributes to the production and maintenance of documentation for the Server team’s solution system(s), sub-system(s), and component(s) deployed and in use in the customer’s IT Solutions portfolio, including as-built documentation, capacity/performance plans, policies and procedures, workflows, run books, and all other area of server system life-cycle planning. Position Qualifications: • Shall have 5 or more years of hands-on experience providing O&M support of Linux-based enterprise server operating systems (OSs) (primarily RHEL) and server applications and services, such a Red Hat Satellite, Ansible, Puppet, etc., hosted on those platforms on a production information systems varying in size and complexity (LAN, MAN, WAN, etc.). • Shall have 3 or more years of personal and hands-on experience installing, configuring, tuning, securing, operating, and maintaining Red Hat Satellite as the infrastructure management solution to keep deployed production RHEL environments running efficiently, securely, and compliant within an enterprise production environment. Working knowledge and/or hands-on experience with Red Hat Satellite 6.3 or newer is a plus. • Shall have 3 or more years of experience operating and maintaining solutions in secure processing environments which must adhere to U.S. Government Information Assurance and Security standards such as the Defense Information Systems Agency (DISA) Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs). • Shall have 3 or more years of personal and hands-on experience planning, implementing, configuring, documenting, and maintaining Security Enhanced Linux (SELinux) configurations, to include Multi Category Security (MCS) and Multi Level Security (MLS), on supported Linux platforms, to include RHEL. • Demonstrated hands-on experience providing O&M support to third-party anti-virus and anti-malware products installed on RHEL platforms to include advanced and in-depth impact analysis, policy and rule review, and providing recommendations to ensure RHEL platforms are running securely, but also as efficient and optimal as possible within information assurance (IA) and information security (INFOSEC) boundaries. • Demonstrated experience understanding and applying vendor guidance and best practices to securely implement, configure and support the use of an established Microsoft Active Directory (AD) as a centralized identity and authentication solution for supported Linux platforms, with specific focus on RHEL. • Demonstrated experience monitoring deployed production Linux platforms for performance, avlability, and/or security degradation, issues, problems, and/or risks and proactively recommending platform tuning, maintenance, upgrades, or other appropriate correct or remediate them before they impact the business or mission function, or end-user directly. • Demonstrated experience authoring, testing, troubleshooting, and implementing scripted technologies, such as Microsoft PowerShell on Linux, Bash, Perl, Python, etc., to automate and orchestrate routine, as well as complex O&M duties and responsibilities, with a focus on maximizing efficiency, consistency, and minimizing the subsequent human error factor of related tasks. Shall meet the Cyber IT/Cybersecurity Workforce (CSWF) System Administrator (451); Intermediate Level for SECNAV M-5239.2 compliance. (See Navy Cool WebSite) Education: Bachelor Degree from accredited University; or CNSSI/NTSSI 4015-Systems Certifiers/4016-Risk Analysts; OR Training: CYBR1005 Security Essentials; or NEC 736A Global and Command Control System-Maritime 4.X (GCCS-M 4.X) System Administrator; or NEC 738A Global Command and Control System-Maritime (4.1) Increment 2 System Administrator; or NEC 739A Global Command & Control System-Maritime 4.0.3 (GCCS-M 4.0.3) System Administrator; or NEC 746A Information Systems Technician (IAT II); or NEC C26A AN/SSQ-137 Ship’s Signal Exploitation Equipment (SSEE) Maintenance Technician; or NEC C27A Submarine Carry-on Equipment Technician; or NEC C28A Ship’s Signal Exploitation Equipment Increment Foxtrot (SSEE INC F) Maintenance Tech; or NEC N71Z CVN Propulsion Plant Local Area Network (PPLAN) Administrator; or NEC T02A AN/BYG-1 (V) TI04 Combat Control Maintenance Technician; or NEC T04A SSGN Tactical Tomahawk Weapon System (TTWCS) Maintenance Technician; or NEC T09A AN/BYG-1 (V)9 TI-10 Combat Control Maintenance Technician; or NEC T10A AN/BYG-1 (V) TI-12/14 Maintainer; or NETW 4001 Security Plus; OR Certification: CompTIA Security+ ce; or GIAC Security Essentials Certification (GSEC); or Systems Security Certified Practitioner (SSCP); AND OJT: NAVEDTRA 43345 - Navy Regional Enterprise Messaging System (NREMS); or NAVEDTRA 43347 - Wireless Reach Back System (WRBS); or NAVEDTRA 43348-A - Shipboard Wide Area Network (SWAN); or NAVEDTRA 43355-1 - Navy Networks; or NAVEDTRA 43355-1 - Watchstation 302 - Navy Networks; or NAVEDTRA 43355-1 - Watchstation 303 - Navy Networks; or NAVEDTRA 43355-1 - Watchstation 304 - Navy Networks; or NAVEDTRA 43355-1 - Watchstation 305 - Navy Networks; or NAVEDTRA 43359-A - Centrixs-M; or NAVEDTRA 43555-1D - Global Command & Control System-Maritime 3X (GCCS-M 3X); or NAVEDTRA 43555-3A - Global Command & Control System Maritime 4X (GCCS-M 4X); or NAVEDTRA 43555-4 - Global Command & Control System Maritime Force Level V4.1.X.X (GCCS-M 4.1.X.X); or NAVEDTRA 43555-5 - Global Command & Control System M Unit Level V4.1.X.X (GCCS-M 4.1.X.X); and NAVEDTRA 43469 Watchstation 302 - Information Assurance Technician Level II (Privileged User); AND Continuous Learning: DoD requires 20 hours Continuous Learning each calendar year. This requirement is in addition to any industry certification Continuous Learning requirement. [Note: DoD 20 hours Annually - Industry certification Continuous Learning may be applied towards DoD 20 hour annual requirement. However, not all DoD Continuous Learning hours can be applied to industry certification Continuous Learning requirement, check with certification agency on what may be accepted.]; AND Operating System/Computing Environment Certificate: Operating System/Computing Environment (OS/CE) certificate of training, as dictated by Command Cyber IT/CSWF-PM; AND Sign Privileged Access Statement: System Authorization Access Request (SAAR) with Privileged Access agreement as required by Local Command. Desired Qualifications: • Strongly desired to be at least Red Hat Certified Systems Administrator (RHCSA) certified. Red Hat Certified Engineer (RHCE) certification is most desired. • Strongly desired to be Red Hat Certified Specialist in Server Security and Hardening or Global Information Assurance Certification (GIAC) Certified UNIX Security Administrator (GCUX) certified. • Technical certifications in other enterprise-level OSs, applications, and technologies, such as Cisco, Microsoft, Splunk, and SolarWinds are also a plus. • Strong understanding and hands-on experience with RHEL 6 and 7 are most desired. • Demonstrated experience and strong understanding of Yum and RPM and implementing, configuring, operating, maintaining, and synchronizing repositories. • Demonstrated experience performing advanced troubleshooting techniques, methodologies, processes and practices to quickly identify and assess an issue, develop the strategy to resolve the issue, implement the resolution, and restore the degraded entity to an operational state all while maintaining concern for the original configuration and the overall Information Security (INFOSEC) posture of the environment. • Demonstrated experience implementing, configuring, securing, operating, and maintaining enterprise solutions to meet vendor and industry information security (INFOSEC) guidance and best practices, DISA SRG/STIG, information assurance (IA) compliance and governance demands, such as the use of cryptography to satisfy Data-atRest Encryption (DARE) and Data-in-Flight Encryption (DIFE) requirements. • Demonstrated experience receiving and reviewing notice of INFOSEC vulnerabilities, issues, and/or problems, research acceptable solutions, presenting the solution for customer acceptance, and implementation to remediate INFOSEC findings within predefined timeframes across multiple platforms, applications, and/or services. • Demonstrated experience providing mentorship and On the Job Training (OJT) to junior and/or lesser experienced team members. • Working knowledge of all aspects of enterprise-grade IT solutions across the technology stack: physical, networking, storage, virtualization, servers, applications, and services. • Familiarity with and/or working knowledge of Cross Domain Solutions (CDSs) capable of providing access to Multiple Independent Levels of Security (MILS) and Operational Domains is desired. Specific working knowledge and/or experience with the AIS SecureView CDS are a plus. • Familiarity with and/or experience providing O&M support to Splunk Core, Enterprise Security (ES), and User Behavior Analytics (UBA) running on RHEL 7 platforms is a plus. • Familiarity with and/or experience providing O&M support to the Tenable Security Center Continuous View suite to include Continuous View, Nessus, Log Correlation Engine (LCE), and Passive Vulnerability Scanners (PVS) running on RHEL 7 platforms is a plus. • Familiarity with and/or experience using McAfee ePolicy Orchestrator, Management for Optimized Virtual Environments (MOVE), and VirusScan Enterprise for Storage (VSES) for the purpose of satisfying IA/INFOSEC end-point anti-virus, threat, firewall, and web control is a plus. • Familiarity with and/or experience using the SolarWinds Orion Platform (NPM, NTA, NCM, IPAM, UDT, NTM, DPA, SAM, etc.) for the purpose of enterprise-wide centralized entity performance, configuration, capacity, and availability monitoring is a plus. • Familiarity with IT Networking technologies, concepts, and approaches to routing and switching, TCP/IP, traffic analysis, packet capturing and analysis, and traffic flow is a plus.