Cleared Software Engineer, Infrastructure

Lumbra, Arlington, VA
Onsite

About The Position

Lumbra is building Nebula, an agentic harness deployed across commercial cloud, on-prem cloud (AWS GovCloud, C2S, or equivalent), and fully air-gapped classified environments. We're looking for a cleared infrastructure engineer to own the onsite deployment pipeline and ensure the harness runs reliably across this spectrum, from managed Kubernetes with limited connectivity to standalone clusters with no internet access at all. This role requires an active U.S. security clearance (TS/SCI).

Requirements

  • Deep experience operating where nothing can be pulled from the internet.
  • Strong Helm skills and an understanding of environment-specific translation are essential.
  • Comfort with stateful workloads in constrained environments is a must.
  • Experience operating Rancher, ArgoCD, and Harbor in disconnected environments is essential.
  • Rigorous security practices and familiarity with classified handling procedures are required.
  • A fundamental understanding of public key infrastructure is essential.
  • Experience with rootless, hardened container tooling is needed.
  • Deep Kubernetes internals knowledge and self-sufficiency are essential.
  • Every millisecond and megabyte matters when hardware is fixed and access is limited.
  • Clear technical writing for classified operational contexts is important.
  • Active U.S. security clearance (TS/SCI).

Nice To Haves

  • Experience operating Kubernetes across classified environments: on-prem cloud (GovCloud, C2S), standalone clusters, or SCIF environments at IL4/IL5/IL6
  • Prior work with Podman and Buildah for rootless container builds in restricted environments
  • Experience with identity provider deployment (Keycloak or similar) without cloud backends
  • Background in workflow orchestration operations (Temporal or similar), especially schema bootstrapping and upgrades without internet access
  • Familiarity with DoD-hardened base images, or STIG compliance
  • Experience authoring STIGs, SSPs, or ATO documentation for classified deployments
  • Prior work with cross-domain solutions or data transfer procedures between classification levels

Responsibilities

  • Own the air-gapped deployment pipeline end to end: transferring source code, charts, and configuration to disconnected environments, then building and deploying container images onsite.
  • Author and maintain onsite Helm configurations that adapt to each deployment target, whether that means leveraging managed services in an on-prem cloud or replacing them with Kubernetes-native alternatives on standalone clusters.
  • Deploy and operate stateful infrastructure services (databases, caching, workflow orchestration, identity, object storage) on bare Kubernetes without managed cloud backends.
  • Own the onsite cluster management and delivery toolchain including Rancher for Kubernetes lifecycle management, ArgoCD for GitOps-based deployments, and Harbor as the container registry.
  • Manage the secrets lifecycle in classified environments, ensuring all credentials are generated fresh onsite with no secrets transferred on physical media.
  • Own PKI and certificate management across onsite deployments: CA hierarchies, certificate issuance and rotation, mTLS between services, and trust chain validation in environments where external certificate authorities are unavailable.
  • Build and maintain OCI-compliant container build pipelines (Podman, Buildah) for environments where Docker is not available.
  • Troubleshoot Kubernetes issues in environments with no external access: crashed pods, failed migrations, certificate errors, storage problems, all without pulling a debug image or searching the internet.
  • Profile and optimize system performance in constrained environments: resource utilization, pod scheduling, storage I/O, and network throughput on clusters where you can't simply scale up.
  • Ensure deployment parity between cloud and onsite by validating that health checks, resource limits, and service configurations stay aligned across both tracks.
  • Own the onsite monitoring architecture that gives the team high visibility into system health, resource utilization, and service status across environments.
  • Author and maintain database operations tooling (migrations, backup/restore, schema management) that works reliably in disconnected environments using Kubernetes Job templates.
  • Write deployment procedures, runbooks, and troubleshooting guides that onsite operators can follow independently.

Benefits

  • Comprehensive medical, dental, and vision plans
  • Premiums 100% covered by Lumbra for all employees
  • Exceptionally low premiums for spouses and dependents
  • Basic life insurance and disability 100% covered for all employees by Lumbra
  • Option to purchase additional life insurance available
  • Take the time off that you need, when you need it: paid time off, not accrual based
  • Generous company holiday calendar including a holiday shutdown in December
  • Supportive leave of absence program including time off for military service, medical events, and parental leave
  • Full 401(k) retirement plan for all full-time eligible employees
  • Company-funded commuter benefits
  • Free access to on-site gym at office