Principal Infrastructure Engineer

Paradigm Inc.
Virginia Beach, VA
Hybrid

About The Position

We are seeking a hands-on Principal Infrastructure Engineer to serve as the senior technical authority for infrastructure across Paradigm and @Gov. Reporting to the Chief Information Officer, this senior individual contributor role will own the most complex infrastructure engineering, troubleshooting, assessment, and architecture work across two segmented environments. The successful candidate will be the tier 3 escalation point for complex issues spanning network, security, virtualization, identity, cloud, ERP, backup, monitoring, and application infrastructure. This role is ideal for an active practitioner who can assess inherited infrastructure, identify technical debt and security gaps, design a scalable and resilient future state, and execute the roadmap needed to support business growth, FedRAMP readiness, and future cloud migration. This is not a people-management position; however, the role is expected to mentor administrators, strengthen operational processes, and improve documentation and knowledge transfer across the IT team. This is a full-time, exempt position based in Virginia Beach, Virginia, with a hybrid work arrangement.

Requirements

  • Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field; equivalent professional experience may be considered.
  • 10+ years of hands-on experience across infrastructure engineering, systems administration, network engineering, cloud engineering, and/or security engineering.
  • Demonstrated ability to independently diagnose and resolve complex multi-layer infrastructure problems across network, security, virtualization, identity, cloud, and application layers.
  • Deep production experience with VMware vSphere, including ESXi, vCenter, vMotion, HA/DRS, storage, distributed networking, lifecycle management, and performance troubleshooting.
  • Strong experience with Palo Alto Networks firewalls, including policy design, NAT, threat prevention, VPN/GlobalProtect, segmentation, and Panorama or equivalent management.
  • Deep knowledge of Active Directory architecture and administration, including multi-forest environments, Group Policy, replication, DNS/DHCP, trusts, and hybrid identity with Microsoft Entra ID.
  • Hands-on experience with Microsoft Azure infrastructure, hybrid architectures, Microsoft 365 administration, Exchange Online, Teams, SharePoint, conditional access, and MFA.
  • Experience with backup, disaster recovery, and restore validation using Veeam or similar enterprise backup platforms.
  • Strong understanding of networking fundamentals, including TCP/IP, VLANs, routing, switching, VPNs, load balancers, DNS, certificates, CDN/edge services, and email authentication such as SPF, DKIM, and DMARC.
  • Experience supporting Windows Server and Linux environments, patch management, system hardening, monitoring, and operational documentation.
  • Working knowledge of compliance and security frameworks such as SOC2, NIST, and FedRAMP, especially as they relate to infrastructure controls and cloud readiness.
  • Strong written and verbal communication skills, including the ability to produce clear documentation, explain technical risk, and communicate effectively with technical teams, business stakeholders, and executive leadership.

Nice To Haves

  • Direct experience preparing environments for FedRAMP authorization, including control implementation, system security plan support, POA&M remediation, and 3PAO coordination.
  • Experience planning or executing cloud migrations from on-premises VMware environments to Azure in regulated or government-adjacent environments.
  • Experience administering Microsoft Dynamics Business Central and/or Dynamics NAV, including on-premises deployments and SQL Server coordination.
  • Experience with Dynatrace, SolarWinds, Netwrix, Cloudflare, SendGrid, CodeTwo, GlobalSign, LastPass, Jscape, Files.com, and similar infrastructure tools.
  • Experience with CI/CD pipelines, GitHub, PowerShell, Python, Terraform, Ansible, or other automation and infrastructure-as-code tools.
  • Certifications such as VMware VCP-DCV, Palo Alto PCNSA/PCNSE, Microsoft Azure Administrator (AZ-104), Azure Solutions Architect (AZ-305), Microsoft 365 Administrator, CompTIA Security+/CASP+, RHCSA/RHCE, or similar.
  • Experience supporting education technology, credentialing platforms, government systems, apostille processes, vital records, StateRAMP, CJIS, FERPA, CCPA, GDPR, or similar privacy/compliance requirements.

Responsibilities

  • Assess the current Paradigm and @Gov infrastructure environments, including network segmentation, firewall policy, Active Directory forests, VMware vSphere, Azure, Microsoft 365, Dynamics, backup, monitoring, DNS/CDN, and certificate management.
  • Design and maintain secure, scalable, and resilient infrastructure architectures that support credentialing, apostille, vital records, and government services platforms.
  • Create prioritized remediation plans for misconfigurations, single points of failure, capacity constraints, technical debt, and operational risk.
  • Develop target-state architecture and transition plans for Paradigm's hybrid environment and @Gov's post-FedRAMP cloud migration path.
  • Recommend improvements to tooling, automation, vendor relationships, licensing, and infrastructure processes where they improve maturity, resilience, security, or cost efficiency.
  • Serve as the senior escalation resource for complex incidents that span multiple infrastructure domains or exceed the capabilities of day-to-day administration.
  • Diagnose and resolve production issues end-to-end across Palo Alto firewalls, VMware vSphere, Active Directory and Entra ID, Azure services, Dynamics environments, email deliverability, backups, monitoring, and application infrastructure.
  • Lead high-severity incident response, coordinate with infrastructure, development, QA, business stakeholders, and vendors, and drive root-cause analysis and post-incident remediation.
  • Build and maintain runbooks, escalation procedures, architecture diagrams, and post-mortem templates that improve response consistency and team capability.
  • Administer and optimize Palo Alto next-generation firewall configurations, including security policies, NAT rules, threat prevention, URL filtering, GlobalProtect VPN, and inter-network access controls.
  • Manage network switching, routing, VLANs, VPNs, load balancers, DNS, DHCP, and related physical and virtual network infrastructure across segmented environments.
  • Serve as a senior authority for separate Active Directory forests and domains, including domain controllers, replication, Group Policy, DNS/DHCP, OU design, trusts, and hybrid identity patterns.
  • Manage Paradigm's Azure/Entra ID hybrid identity, Microsoft 365 administration, conditional access, SSO, MFA, privileged access controls, and user lifecycle processes.
  • Harden infrastructure in alignment with SOC2, NIST, government security requirements, and FedRAMP readiness expectations for @Gov.
  • Administer and improve VMware vSphere environments, including ESXi, vCenter, HA/DRS, vMotion, resource management, VM networking, templates, upgrades, storage, and performance tuning.
  • Administer Azure infrastructure for Paradigm, including compute, networking, storage, subscriptions, identity services, monitoring, and hybrid connectivity with on-premises systems.
  • Plan @Gov's future migration from fully on-premises infrastructure to Azure once FedRAMP certification objectives are met.
  • Implement automation and infrastructure-as-code practices using tools such as Terraform, Ansible, PowerShell, or similar platforms.
  • Maintain server hardware, operating systems, patching, rack/data-center coordination, UPS, and supporting infrastructure needed for reliable operations.
  • Support infrastructure for Microsoft Dynamics Business Central and NAV environments, including server administration, SQL Server coordination, performance, availability, backups, and change windows.
  • Manage and improve monitoring and observability using tools such as Dynatrace, SolarWinds, Netwrix, and related alerting/reporting platforms.
  • Manage Veeam backup and recovery capabilities, including job configuration, retention, restore testing, disaster recovery documentation, and recoverability validation for critical systems.
  • Administer supporting platforms such as Cloudflare, GlobalSign certificates, SendGrid, CodeTwo, Jscape, Files.com, Dropbox, LastPass, and collaboration tools as needed.
  • Map critical workflows and dataflows across edge, firewall, application, database, ERP, identity, and cloud layers to identify dependencies, bottlenecks, and operational risks.
  • Partner with software engineering, QA, finance, operations, product, and executive stakeholders to align infrastructure decisions with business needs and customer commitments.
  • Participate in change control, release planning, audit support, and compliance documentation with attention to cross-system and cross-network impacts.
  • Mentor systems administrators through pairing, documentation, architecture reviews, and hands-on knowledge transfer without assuming direct people-management responsibilities.
  • Identify team skill gaps and recommend training, certifications, and process improvements that raise the technical capability of the IT organization.

Benefits

  • Medical, dental, and vision insurance based upon length of service qualifications.
  • Retirement plan available based upon length of service qualifications with company match.
  • Paid sick leave, annual leave, and paid holidays.
  • Professional development support, including training and certification sponsorship where aligned with business needs.