Jul 25
Public Trust
IT - Software
Washington, DC (Off-Site/Hybrid)
Senior JBoss Engineer
This position is located in Washington, DC and will be a remote position with intermittent visits to customer location.
Required Skills and Experience:
• Experience with JBOSS, Java EE applications, Red Hat
• In-depth knowledge of Artifactory
• Proven experience with DevSecOps Engineering
• Clearance Required: Must be able to obtain and maintain AOUSC Public Trust
Responsibilities:
JBOSS
• Install JBoss EAP on supported platforms (Linux, RHEL, Windows).
• Configure in standalone or domain mode, depending on architecture needs.
• Apply Red Hat-supported RPMs or ZIP installations and ensure compliance with licensing.
• Deploy and manage Java EE applications (WAR/EAR) via:
o Management CLI
o Admin Console
o Automation scripts (Ansible, shell)
• Enable rolling deployments and hot deployment.
• Set up HTTPS/SSL with trusted certificates and secure keystores.
• Enforce RBAC (Role-Based Access Control) using the management realm.
• Configure security domains, JAAS, and Elytron security (modern Red Hat EAP security subsystem).
• Manage key EAP subsystems:
o Datasources (JDBC)
o JMS (ActiveMQ Artemis)
o Web (Undertow)
o EJB, JPA, JAX-RS, JTA, JNDI
• Modify configurations via:
o Management CLI
o standalone.xml or domain.xml
o JBoss Management API
• Monitor JVM and application performance with tools like:
o JConsole
o JMC (Java Mission Control)
o JBoss CLI
• Tune JVM options, garbage collection, connection pools, and thread pools.
• Analyze logs (server.log, boot.log) and configure log rotation and log levels.
• Apply Red Hat-provided patches and updates using RHSM or offline methods.
• Maintain backup procedures for:
o Configuration files
o Deployed apps
o Domain/host controllers (in domain mode)
• Prepare and test disaster recovery procedures and environment restoration.
• Integrate JBoss EAP with Red Hat AMQ.
• Connect to external systems like databases, message brokers, or logging systems (ELK stack).
• Maintain up-to-date documentation on:
o Configuration changes
o System architecture
o Patching history
• Implement audit logging and track changes for compliance.
• Work with DevSecOps teams to ensure EAP adheres to security best practices.
• Troubleshoot:
o Deployment failures
o Classloading conflicts
o Transaction rollbacks
o Application or subsystem crashes
• Interface with Red Hat Support via the Customer Portal and create support cases when needed.
• Automate tasks using:
o Ansible (especially Red Hat Certified Collections)
o JBoss CLI scripting
o Shell/Python scripts
• Integrate EAP deployments with CI/CD pipelines (Jenkins, GitLab, Tekton).
• Support EAP clustering, session replication, and high availability.
• Manage load balancing with Apache HTTPD, mod_cluster, or HAProxy.
• Manage SSL certificates and domain configurations, and ensure SSL certificates are renewed in a timely manner.
• Stay up-to-date with JBOSS releases and new features.
• Execute, test, and document upgrade procedures in lower and production environments.
Artifactory
• Deploy and configure Artifactory instances, ensuring they meet organizational requirements for scalability and high availability.
• Tune Artifactory settings, implement caching strategies, and optimize storage solutions to enhance performance and scalability.
• Utilize tools like Prometheus, Grafana, and JFrog Mission Control to monitor system health, set up alerts, and ensure continuous operation.
• Define and manage user roles and permissions to control access to repositories and artifacts, ensuring security and compliance.
• Integrate Artifactory with LDAP, SSO, or other authentication systems to streamline user management.
• Integrate JFrog Xray with Artifactory to scan artifacts for security vulnerabilities and license compliance.
• Implement fine-grained access control using users, groups, permissions, and permission targets.
• Ensure that backups are encrypted and access-controlled to prevent unauthorized access to sensitive data.
• Pipeline Integration: Integrate Artifactory with CI/CD tools like Jenkins, GitLab CI, and others to automate artifact storage and retrieval.
• Implement processes to promote artifacts through different stages of the development lifecycle, such as development, staging, and production.
• Develop scripts to automate routine tasks, such as repository cleanup and artifact promotion.
• Set up and manage local, remote, virtual, and federated repositories to organize and control access to artifacts.
• Regularly clean up repositories by removing obsolete artifacts and optimizing storage usage.
• Configure repository replication and federated repositories to ensure consistent access to artifacts across geographically distributed teams.
• Monitor the health and performance of Artifactory instances using integrated monitoring tools.
• Generate reports on repository usage, artifact storage, and user activity to inform decision-making.
• Set up proactive alerting mechanisms to detect and resolve issues promptly. Apply security patches and updates in a timely manner.
DevSecOps Engineering:
• Embed security checks into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
• Automate code scanning, dependency scanning, and container image scanning.
• Integrate tools like:
o SAST (Static Application Security Testing) — e.g., SonarQube, Fortify
o DAST (Dynamic Application Security Testing) — e.g., OWASP ZAP, Burp Suite
o SCA (Software Composition Analysis) — e.g., Snyk, WhiteSource, Black Duck
• Promote secure coding practices via developer training and secure coding guidelines.
• Define and enforce security policies for app configuration, secrets, encryption, etc.
• Use Infrastructure as Code (IaC) tools like Terraform or Ansible securely.
• Scan IaC templates for misconfigurations (e.g., with Checkov, tfsec, Terrascan).
• Secure cloud resources (AWS, Azure, GCP) using Cloud Security Posture Management (CSPM) tools.
• Set up IAM policies, network segmentation, and encryption at rest/in transit.
• Participate in threat modeling sessions with development teams.
• Identify potential attack vectors in the architecture (e.g., privilege escalation, insecure APIs).
• Prioritize and remediate identified risks based on severity and impact.
• Monitor and manage vulnerabilities in code, containers, dependencies, and infrastructure.
• Integrate tools like Trivy, Clair, Aqua, or Anchore into pipelines.
• Track vulnerability metrics, triage findings, and enforce SLAs for remediation.
• Harden container images using minimal base images and security scanning.
• Enforce policies using tools like OPA/Gatekeeper, Kyverno, or PodSecurity Standards.
• Configure Kubernetes RBAC, network policies, and secrets management.
• Implement runtime protections with tools like Falco, Sysdig, or Kube-bench.
• Develop custom scripts/tools for security automation (Python, Bash, Go).
• Automate certificate management, secrets rotation, and access provisioning.
• Maintain DevSecOps toolchains across dev, test, and prod environments.
• Collaborate with development, QA, operations, and security teams.
• Align with compliance standards (e.g., SOC 2, ISO 27001, PCI-DSS, HIPAA).
• Define security policies, guardrails, and governance workflows.
• Integrate security monitoring into observability platforms (e.g., ELK, Grafana, Splunk).
• Enable SIEM and SOAR integrations for real-time threat detection and alerting.
• Support incident response and forensics when security events occur.
Qualifications
• Bachelor’s degree with 12 years of experience (or commensurate experience), or
• Master’s degree and 7 years of experience.