NLM Cloud Engineer III

Job DescriptionJob DescriptionSalary: $140,000 - $170,000

Cloud Engineer III

Lexical Intelligence provides software and services related to processing large-scale biomedical information sources. Our Natural Language Processing (NLP) and analytics software is used by policy and decision makers to evaluate and prioritize current and emerging areas of research.

We are looking for a Cloud Engineer III to work within the National Library of Medicine (NLM), Lister Hill National Center for Biomedical Communications (LHNCBC), Bethesda, MD. The Cloud Engineer III will have experience in cloud infrastructure management, DevOps engineering, and cybersecurity compliance. The Cloud Engineer III will have a firm understanding of cloud computing platforms, CI/CD pipelines, Infrastructure as Code (IaC), and Federal Information Security Modernization Act (FISMA) requirements.

The Cloud Engineer III shall be able to work well within a team of multidisciplinary researchers, software developers, IT operations staff, and biomedical informatics professionals. The selected applicant will be subject to a pre-employment background and reference check.

Required Qualifications6+ years of relevant cloud engineering, DevOps, or infrastructure experienceMasters degree or other degree(s) in Computer Science, Information Technology, Engineering, or related fieldsDemonstrated experience with cloud platforms including Google Cloud (GC), Amazon Web Services (AWS), and Microsoft Azure, including IaaS, PaaS, and SaaS configurationsProficiency with CI/CD tools such as GitLab, GitHub, TeamSite, Nexus, Kubernetes, Ansible, and TerraformExperience with container orchestration platforms such as Kubernetes, Anthos, and OpenShiftExperience with Infrastructure as Code (IaC) tools including Terraform, Ansible, Puppet, and AWS Cloud Development Kit (CDK)Familiarity with FISMA compliance requirements and federal security frameworks, including NIST SP 800-53 and NIST SP 800-171Experience with vulnerability scanning and penetration testing tools such as Tenable, Prowler, Netsparker, Checkmarx, and OWASPExperience with monitoring and logging tools such as EFK stack, Prometheus, and GrafanaMust be authorized to work in the United States and able to obtain a Public Trust background investigation clearancePreferred QualificationsExperience supporting federal government IT environments, particularly within HHS, NIH, or NLMFamiliarity with Identity and Access Management (IAM) and administration of commercial cloud accountsExperience with distributed computing systems, batch queuing software, and open-source map/reduce frameworks such as HadoopProficiency with database technologies including RDS, MySQL, MongoDB, MS SQL, PostgreSQL, and ElasticsearchExperience with version control systems including Bitbucket and GitLabFamiliarity with Apache server services and open-source software administrationExperience supporting Authority to Operate (ATO) processes and developing or maintaining System Security Plans (SSPs)Experience with ticketing and documentation systems such as JIRA, ServiceNow, and Confluence WikiFamiliarity with FedRAMP requirements for cloud service providersRelevant certifications such as AWS Certified Solutions Architect, Google Professional Cloud Engineer, Microsoft Azure Administrator, or equivalentResponsibilitiesRecommend, deploy, and manage version control systems (e.g., Bitbucket, GitLab) and provide guidance on platform selection on a case-by-case basisImplement and administer CI/CD pipelines for all approved development frameworks at NLM using tools such as GitLab, GitHub, TeamSite, Nexus, Kubernetes, Ansible, and TerraformRecommend and configure Infrastructure as Code (IaC) tools including Terraform, Ansible, Puppet, and CDK to support scalable and repeatable deploymentsImplement, administer, and support cross-datacenter deployments using Docker and other containerization platformsSet up, administer, and maintain elastic and cost-efficient container orchestration environments using Kubernetes, Anthos, and OpenShiftProvide monitoring and logging capabilities using EFK stack, Prometheus, and Grafana to collect, store, and analyze performance and availability data for applications and infrastructureConfigure and manage vulnerability scanners and penetration testing tools (Tenable, Prowler, Netsparker, Checkmarx, OWASP) to ensure the security of software applications and infrastructureProvide technical support and guidance to development teams for migrating to and utilizing the DevOps platformDeliver day-to-day cloud operations support, including secure remote access, administration of cloud computing and storage platforms, compute and cost model analysis, and implementation of selected cloud solutionsSupport cybersecurity and risk management across the NLM enterprise, including system, network, and database administration as well as application developmentResolve application software, firmware, system, and hardware vulnerabilities uncovered by regular security scanning; assist in creating, developing, and maintaining Authority to Operate (ATOs) and System Security Plans (SSPs)Track and manage known vulnerabilities using Tenable Security CenterProvide technical support for systems and database design, coordinating and implementing open-source software such as Apache server services and managing databases including RDS, MySQL, MongoDB, MS SQL, PostgreSQL, and ElasticsearchProvide customer service to internal and external staff, solving issues in highly technical environments using plain language communication; administer user accounts, set disk quotas, monitor performance, and track issues through JIRA and ServiceNow or equivalent ticketing systems; maintain documentation using Confluence WikiAdminister, configure, and maintain distributed computing systems using batch queuing software and open-source map/reduce frameworks, including Hadoop; implement and maintain CI/CD clusters on GitHub and/or GitLabSupport cloud development and computing infrastructure for production web services, high-performance computing, and high-throughput processing environments through administration of commercial cloud accounts via IAM and monitoring cloud resource utilization efficiencyAssist the Government in implementing, maintaining, and executing computer security practices, including FISMA policies, firewalls, intrusion detection, secure computing environment design, and disaster recoveryConduct ongoing vulnerability assessments and threat identification; present results and ensure resolution of identified vulnerabilities within prescribed time limitsEnsure compliance with Section 508 accessibility requirements for all developed ICT products, platforms, and servicesComply with all HHS/NIH information security policies, including completing mandatory annual security awareness, privacy, and records management trainingAdhere to HHS Rules of Behavior and NLM Policy on Health-Related Data About Individuals, including signing required non-disclosure agreements prior to performing work

Salary and BenefitsWe offer a competitive salary and a generous benefits package, including at no cost: full health and dental for you and your dependents, retirement and HSA accounts, short- and long-term disability insurance, life and accident insurance, paid time off, and 11 federal holidays.

LocationBethesda, MD

Equal Employment Opportunity PolicyLexical Intelligence, LLC, provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Lexical Intelligence, LLC | 2001 Veirs Mill Rd #546 | Rockville, MD 20851