Senior Systems Engineer

Peraton
$104,000 - $166,000

About The Position

We are seeking a Senior Systems Engineer to lead production readiness for a regulated AWS/EKS platform that stores, processes, or transmits sensitive PII/PHI data. This role is critical to building and operating secure, resilient, and audit-ready cloud infrastructure across EKS and supporting platform services. The Senior Systems Engineer will partner closely with Platform Engineering, Security, Compliance, and Data teams to implement controls spanning Kubernetes hardening, network segmentation, identity and access management, encryption, observability, incident response readiness, and disaster recovery. Strong networking and security expertise is required.

Requirements

  • Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
  • Infrastructure/platform engineering experience in cloud production environments.
  • Hands-on Kubernetes operations in production; Amazon EKS strongly preferred.
  • Deep expertise in networking: VPC architecture, private endpoints/PrivateLink patterns, routing, ingress/egress control, and traffic isolation.
  • Deep expertise in security engineering: IAM least privilege, secrets management, encryption, key management, TLS certificate management, certificate signing processes, logging, and incident response controls.
  • Proven experience implementing infrastructure controls for sensitive or regulated data environments (PII/PHI).
  • Experience with infrastructure as code and GitOps deployment workflows.
  • Strong collaboration and communication skills across technical and non-technical stakeholders.
  • Ability to work independently.
  • Ability to obtain a Public Trust clearance.
  • US Citizenship is required.

Nice To Haves

  • FedRAMP experience is strongly preferred (authorization lifecycle, control implementation, SSP/evidence support, and continuous monitoring).
  • Experience with HashiCorp Vault, Argo CD, Istio service mesh, and Grafana in production.
  • Familiarity with NIST 800-53, NIST CSF, CIS Benchmarks, HITRUST, and HIPAA-aligned security controls.
  • Experience integrating AWS security services (e.g., CloudTrail, Config, Security Hub, GuardDuty) into centralized operations.
  • Snowflake security/connectivity experience in regulated environments.

Responsibilities

  • Design, implement, and operate production AWS/EKS infrastructure for regulated workloads.
  • Lead network security architecture, including VPC segmentation, private connectivity, egress controls, DNS restrictions, security groups, NACLs, and Kubernetes NetworkPolicies.
  • Implement and enforce zero-trust principles for east-west and north-south traffic.
  • Secure EKS clusters and workloads through least privilege IAM/IRSA, hardened node baselines, pod security controls, admission policies, and runtime monitoring.
  • Implement and maintain encryption controls for data in transit and at rest, including KMS key management and secret envelope encryption.
  • Manage TLS certificate lifecycle (issuance, renewal, rotation, revocation), and enforce trusted certificate signing/chain validation processes across platform and application traffic.
  • Partner with teams to secure private Snowflake connectivity and identity-bound service access from EKS workloads.
  • Operationalize secure platform tooling (Argo CD, Vault, Istio, Grafana, Neo4j), including RBAC, service isolation, audit logging, and break-glass procedures.
  • Build and maintain centralized logging, monitoring, SIEM integration, and alerting for security and compliance events.
  • Drive vulnerability management and patching programs with severity-based SLAs and exception tracking.
  • Support backup/restore testing, DR exercises, and production readiness evidence collection.
  • Produce and maintain audit-ready control evidence and documentation for internal/external assessments.