Application Vulnerability Assessment Program (AVAP) Engineer / System Administrator

About The Position

Requirements

• Demonstrated expertise with Azure (preferred) and familiarity with AWS and GCP cloud services.
• Hands-on experience with Kubernetes administration (AKS), Helm, and containerization (Docker).
• Experience with system administration for both Windows and Linux environments
• Experience with system administration pertaining to SQL servers/databases, backup/restore, patching, etc.
• Experience with Infrastructure-as-Code (ARM/Bicep, Terraform, Helm) and CI/CD pipelines (Azure DevOps).
• Demonstrated experience with Terraform, Bicep, and/or ARM for infrastructure automation and immutability.
• Strong troubleshooting skills across networking, compute, and application layers.
• Familiarity with application security tools is a plus (OpenText Fortify Software Security Center, License and Infrastructure Management, OWASP Dependency Track, etc.)
• Understanding of single sign-on implementations using SAML/OIDC (management of users/groups in Okta) as well as SCIM for automatic user provisioning.
• Excellent technical writing and documentation skills.
• Ability to work within government compliance frameworks (FedRAMP, NIST, FISMA, Zero Trust).
• Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent hands-on experience.
• 3+ years of hands-on experience in system administration and DevOps engineering supporting containerized platforms/Kubernetes.
• Active Secret with the ability to obtain a Top Secret

Responsibilities

• Design, deploy, and maintain secure, scalable, and resilient cloud infrastructure in Azure such as Azure Key Vault, Azure SQL Server, Azure SQL DB, Azure Kubernetes Service (AKS), etc.
• Operate and administer Kubernetes clusters (AKS) including node pools, networking, persistent volumes, ingress controllers, secrets management, access control, namespaces, etc.
• Manage system administration for both Windows and Linux environments
• Manage container image lifecycle and updates by pull hardened images (i.e., Iron Bank), scan for vulnerabilities, enforce least-privilege configurations, and publish to ACR.
• Perform regular server administration tasks including patching, user provisioning, system monitoring, and backup/restoration.
• Automate deployments of infrastructure and applications using Azure DevOps or equivalent CI/CD pipelines with ARM/Bicep/Terraform and Helm.
• Implement and enforce security/compliance controls aligned to NIST SP 800-53 and Zero Trust (i.e., key vault integration, secret management, TLS cert rotation).
• Develop and maintain operational runbooks, playbooks, SOPs, and system/network architecture diagrams to ensure repeatability and continuous system documentation.
• Troubleshoot platform and pipeline issues across application, network, and infrastructure layers to minimize downtime for AVAP customers.
• Contribute to monitoring and metrics collection (availability, scan throughput, failure rates, license utilization) to support program-level reporting.