← Back to Jobs
Technology
Systems Automation Engineer with Security Clearance
Scientific Research CorporationColorado Springs, CO🇺🇸United StatesPosted 13 Jul 2026
Quick Overview
Salary
$132.3k - $220.4k/yr
Work Type
Hybrid
Level
Mid Senior
Job Description
Salary Statement Estimated Starting Salary Range: USD $132,250.00/Yr. - USD $220,400.00/Yr. Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data. Description The Systems Automation Engineer architects, secures, and sustains a fully air-gapped, multi-account Kubernetes platform in AWS GovCloud, built on RHEL, RKE2, and self-managed GitLab. This role is built on an automation-first mindset infrastructure-as-code, one-shot repeatable deployments, CI/CD pipelines, and containerization to deliver highly scalable, resilient, and secure solutions in a disconnected environment. The engineer eliminates manual processes in favor of bundled, offline-reproducible deployments, embeds DevSecOps and zero-trust identity across the full system lifecycle, and operates the platform to meet NIST, RMF, STIG, and IL5/IL6/TS-SCI requirements. Platform && Infrastructure Engineering * Designing, deploying, and sustaining RHEL 8/9/10 environments and RKE2 Kubernetes clusters across multiple AWS accounts and VPCs * Operating the cluster contr ol plane and per-environment agent pools (dev/test/staging/prod) with node labeling, taints, and workload isolation * Performing hardening, patching, and performance tuning in a disconnected environment using bundled RPM delivery (no upstream repos), SELinux, and host firewalls * Administering platform-native core services CoreDNS, AWS Route 53, ingress/load balancing, and certificate lifecycle (cert-manager / TLS secrets) * Designing HA/DR and resilience multi-node contr ol planes, automated backup/restore of stateful workloads (PVCs, GitLab, databases), and failover across availability zones Cloud && Network Engineering * Architecting and managing AWS GovCloud environments (EC2, S3, EBS, VPC, IAM, Route 53) across multiple accounts with cross-account roles, key pairs, and AMI strategy * Designing secure, scalable multi-VPC network architectures Transit Gateway meshes, subnets, routing, and CIDR-based security-group rules (cross-VPC SG references are not available in GovCloud) * Implementing all infrastructure as code with Terraform (reusable per-VPC modules, cross-account providers, programmatically rendered variables) * Standing up and operating an in-environment OCI/container registry and bootstrap services for offline image distribution * Optimizing cloud cost, performance, and availability through right-sizing, repeatable destroy/redeploy, and monitoring DevSecOps && GitLab Platform * Building and sustaining CI/CD pipelines on self-managed GitLab EE, including version-ladder upgrades, the container registry, and auto-registered Kubernetes runners * Integrating DevSecOps container/image CVE scanning (e.g., Trivy, Grype, Clair), secrets management, and policy/gating in pipelines * Operating container build and delivery tooling (Docker/podman, kaniko, Helm) with helm-template-derived, air-gap-reproducible image bundles * Implementing GitOps delivery with ArgoCD (pull-based, per-app Applications, environment promotion and prod gating) Automation && Air-Gap Delivery * Developing automation that eliminates manual intervention single-command, phase-driven deployments validated end-to-end before delivery * Engineering self-contained, offline deployment bundles (RPMs, OCI images, Helm charts, binaries) for reproducible installs in disconnected networks * Writing and maintaining automation in Ansible, Python, and Bash; automating provisioning, configuration management, and patching * Maintaining idempotent, resumable deploy/upgrade/teardown workflows Identity, Security && Compliance * Implementing zero-trust identity and SSO with Keycloak (OIDC/SAML), federating platform services (GitLab, ArgoCD, monitoring, admin UIs) and supporting CAC/PIV X.509 smart-card authentication * Implementing system hardening in accordance with DISA STIGs and NIST baselines as automated, repeatable contr ols * Supporting RMF/ATO processes authoring contr ol evidence, security documentation, POA&&M items, and continuous-monitoring inputs * Implementing centralized logging, monitoring, and alerting (Elastic/SIEM, host/audit telemetry, and AWS-native sources where applicable) * Ensuring IL5/IL6/TS-SCI compliance through enforced security contr ols, secrets-at-rest protection, and system hardening Observability, Operations && Support * Standing up and operating monitoring/observability (Prometheus, Grafana, node/cluster metrics) and vulnerability scanning (ACAS Tenable.sc/Nessus) * Monitoring system performance, availability, and capacity to ensure reliability and scalability * Troubleshooting complex, cross-component issues across the platform (networking, DNS, container runtime, registry, identity) to restore operations * Providing Tier III support and leading root-cause analysis to resolve issues and prevent recurrence * Maintaining architecture documentation, deployment guides, and standard operating procedures/runbooks #LI-LH1 Requirements * Five plus years of experience in systems/infrastructure engineering with strong Linux (RHEL 8/9/10) depth * Five plus years of experience in DevSecOps, automation, and AWS cloud environments * Strong hands-on experience with AWS core services and multi-account/VPC networking * Production experience operating Kubernetes (RKE2 preferred) RBAC, ingress, Helm, troubleshooting * Experience with scripting/automation in Ansible, Python, and Bash * Hands-on experience with Infrastructure as Code (Terraform) * Experience building and sustaining CI/CD pipelines (GitLab) * Working knowledge of networking fundamentals (routing, host firewalls, load balancers, DNS) * Experience applying DISA STIG / NIST hardening and supporting RMF/ATO in DoD or regulated environments * Ability to obtain/maintain a security clearance consistent with IL5/IL6/TS-SCI work Certifications: * Red Hat Certified System Administrator (RHCSA) or higher * Certified Kubernetes Administrator (CKA) * CompTIA Security+ (or higher, e.g., CISSP) DoD 8570/8140 baseline * AWS Certified Solutions Architect (Associate or Professional) Desired Skills * Experience with Kubernetes (RKE2, EKS, OpenShift, NKP, Rancher Federal, or similar) * Knowledge of zero-trust architecture and modern identity solutions * Experience with HashiCorp Vault, ArgoCD, or GitOps workflows, and service mesh technologies * Familiarity with monitoring tools (Prometheus, Grafana) * Experience in DoD or regulated environments (RMF, IL5/IL6/TS-SCI) Clearance Information SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET / SCI LEVEL. Travel Requirements * Locally within US Space Command's Colorado Springs AOR. Peterson SFB, Schriever SFB and other locations in Colorado Springs * Up to two weeks per month to US Space Command facilities at Redstone Arsenal, Hunstville Alabama About Us Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients. SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals with amounts increasing based on role and years of service, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information. EEO Scientific Research Corporation is an equal opportunity employer that does not discriminate in employment. All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other protected characteristic under federal, state or local law. Scientific Research Corporation endeavors to make www.scires.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
Skills
Docker
AWS
Load Balancing
SAML
SSO
Service Mesh
Ansible
ArgoCD
Bash
Bootstrap
DNS
Grafana
Helm
Kubernetes
Prometheus
Python
REST
Terraform
Vault
Similar jobs
Java spring boot developer
CEIPAL - API TESTING · Cherokee, United States
45 minutes agoSenior Systems Engineer, Launched Effects with Security Clearance
Anduril Industries · Atlanta, United States
45 minutes ago$126k - $167k/yrNetwork / System Engineer
Genesis10 · Pennington, United States
45 minutes ago$64 - $72/hrData Engineer
Booz Allen Hamilton · McLean, United States
46 minutes ago$62k - $141k/yrAI Researcher / AI Engineer
Anson McCade · Miami, United States
1 hour ago$250k - $2000k/yrSenior DevOps Engineer
London Stock Exchange Group · New York, United States
1 hour ago$129.7k - $216.1k/yr