Job Requirements
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
Marathon TS is seeking a hands-on, automation-obsessed Senior Site Reliability Engineer to build and operate FedRAMP-authorized cloud environments across Azure, AWS, and GCP. This is an execution-focused engineering role - you will own the build and ongoing upkeep of compliance-driven infrastructure, not a "keep the lights on" operations seat.
You will act as a Subject Matter Expert (SME), collaborating with security analysts and mission system owners to resolve incidents, minimize service interruptions, and lower the total cost of ownership through aggressive automation.
Key Responsibilities
Infrastructure & Operations
- Environment Build & Upkeep: Execute the build, configuration, and ongoing maintenance of FedRAMP boundary environments across Azure (preferred), AWS, and GCP, ensuring high availability, performance, and reliability.
- Infrastructure as Code: Define, provision, and manage infrastructure using Terraform as the primary IaC tool. Build immutable, reproducible environments and move away from manual configuration.
- Image Pipelines: Design and maintain hardened, golden machine images using HashiCorp Packer, aligned to CIS Benchmarks and DISA STIGs.
- Linux & Windows Administration: Administer and maintain RHEL 8/9 (priority) and Windows Server systems in cloud-only environments, including patching, configuration, and lifecycle management.
- Patching & Vulnerability Management: Automate and optimize patch management. Track, remediate, and report vulnerabilities within strict FedRAMP SLAs.
- Monitoring & Logging: Operate continuous monitoring and logging stacks, managing alerts and pipelines to ensure proactive system health.
- On-Call & Incident Response: Participate in a shared on-call rotation for production FedRAMP environments, responding to availability, performance, and security incidents within defined SLA windows.
- Hardening & Baselines: Build, test, and maintain secure baseline images and configurations compliant with CIS Benchmarks and DISA STIGs.
- Compliance Automation: Implement automated compliance monitoring and remediation guardrails using cloud-native and third-party tooling (e.g., AWS Config, Security Hub, Azure Policy, OpenSCAP, Cloud Custodian).
- Framework Adherence: Ensure systems align with FedRAMP, NIST 800-53, CMMC, and RMF requirements - understanding why we secure things, not just how.
- Audit Evidence: Automate the collection of evidence for audits, writing scripts and tooling that demonstrate security posture and reduce manual effort.
- Scripting & Tooling: Write and maintain robust scripts (Bash, Python, Go) to automate provisioning, auditing, monitoring, and reporting tasks.
- CI/CD Integration: Integrate compliance checks, container scanning, and security guardrails into CI/CD pipelines (GitHub Actions, GitLab CI, Azure DevOps, or equivalent).
- Engineering Partnership: Collaborate with the Engineering Manager, lead engineers, and security analysts to deliver and operate environments; provide technical guidance to junior team members as needed.
Required Qualifications
- U.S. Person Status: Must be a U.S. Person (U.S. citizen, national, or lawful permanent resident).
- Experience: 5+ years engineering and operating cloud infrastructure in enterprise or compliance-driven environments.
- Cloud Certification: An active cloud certification is required - Azure (e.g., AZ-104 / AZ-305) strongly preferred; equivalent AWS or GCP certifications are also valued.
- Infrastructure as Code: Strong, demonstrable proficiency with Terraform, including module design and remote state management.
- Linux Administration: Deep hands-on experience administering RHEL 8/9 (priority) and other Linux distributions in cloud environments.
- Windows Administration: Working proficiency administering Windows Server in enterprise/cloud environments.
- Automation: Proven scripting expertise (Python, Bash) and configuration management experience (Ansible or equivalent).
- Compliance Knowledge: Working knowledge of NIST 800-53, FedRAMP, or DoD SRG/STIGs.
Preferred Qualifications
- FedRAMP Audit Experience: Direct experience supporting a FedRAMP authorization or having been through a 3PAO assessment is highly desirable.
- Image Automation: Hands-on experience with HashiCorp Packer for golden image pipelines.
- Containerization: Experience managing and securing containerized workloads (Kubernetes/EKS/AKS/GKE, Docker).
- Additional Certifications: RHCE, HashiCorp Terraform Associate, CKA, or AWS/GCP/Azure specialty certifications.
- Advanced Tooling: Familiarity with compliance-as-code tools (Chef InSpec, OpenSCAP, Osquery) and vulnerability scanners (Nessus/Tenable, Rapid7).
- Clearance: Active Secret or Top Secret clearance (or eligibility) is a plus.
Soft Skills
- Detail-Oriented: A methodical, compliance-driven mindset that refuses to cut corners on security.
- Problem Solver: You don't just fix the error; you fix the process that caused it.
- Communicator: Strong documentation skills - you can clearly explain a root cause analysis in writing.
- Autonomy: You thrive in a remote environment and can manage your own time and priorities effectively.
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").