OS Build & Hardening Engineer (RARR Job 5419)

We are seeking a Senior Infrastructure Automation Engineer to lead the design and implementation of a ZeroTouch Build, Upgrade, and Certification pipeline for our on-prem GPU cloud infrastructure. This role involves end-to-end stack automation — from hardware provisioning to OS and Kubernetes deployment — leveraging 100% GitOps workflows. The ideal candidate will have deep expertise in Linux systems automation, image management, compliance hardening, and infrastructure engineering.

Key Responsibilities

• Architect and implement a GitOps-based pipeline for building, upgrading, and certifying Linux OS layers in the GPU cloud stack (hardware → OS → Kubernetes platform).

• Design and automate Linux image builds using Packer, Kickstart, and Ansible.

• Integrate CIS/STIG compliance hardening and OpenSCAP scanning into the image lifecycle and validation workflows.

• Manage kernel module/driver automation, ensuring version compatibility and hardware enablement for GPU nodes.

• Collaborate with SRE, platform, and security teams to standardize image build and deployment practices.

• Maintain Infrastructure-as-Code repositories with GitOps compliance for traceability and reproducibility.

• Build self-service capabilities for zero-touch provisioning, image certification, and drift detection.

• Mentor junior engineers and contribute to strategic automation roadmap initiatives.

Required Skills & Experience

• 10+ years of hands-on Linux infrastructure engineering, automation, and OS lifecycle management.

• Strong expertise in:

  • Ansible – Configuration management and post-build customization

  • Python – Scripting and automation logic

  • Packer – Automated image builds

  • Kickstart – Unattended OS provisioning

  • OpenSCAP – Security compliance and policy enforcement

• Solid understanding of CIS/STIG hardening standards in automated pipelines.

• Experience in kernel and driver management, especially for hardware-accelerated GPU environments.

• Proven experience implementing GitOps workflows for infrastructure automation.

• Deep knowledge of Linux internals, bootloaders, and bare-metal provisioning mechanisms.

• Exposure to Kubernetes, particularly for OS-level customization and compliance.

• Strong collaboration skills with cross-functional teams (security, SRE, platform, hardware).

Preferred / Bonus Skills

• Familiarity with image signing, SBOM generation, and secure boot workflows.

• Experience in regulated/compliance-heavy environments (e.g., FedRAMP, PCI DSS).

• Contributions to infrastructure automation frameworks or open-source tools.