Cloud Infrastructure Engineer

at  iCallidus

THIS POSITION IS CONTINGENT UPON AWARD.

iCallidus is seeking a Cloud Infrastructure Engineer to support HHS’s ACL cloud infrastructure environment on Azure. The purpose of this contract is to provide operations and maintenance support to ACL to manage ACL’s existing cloud environment, support migration efforts of other websites and web applications into the environment, ensure the security and compliance of the environment, and support the expansion and maturity of the environment through new technologies and solutions.
ACL employs a hybrid, multi-cloud architecture to serve as the backbone of its infrastructure with no or minimal on-premises footprint. The primary cloud infrastructure relies on Microsoft Azure government cloud service offerings, with a FedRAMP moderate authorization. ACL takes a Cloud-first and FedRAMP-first approach to its solutions and services. That cloud infrastructure is in conjunction with other FedRAMP authorized systems which all together creates what is known as ACL Cloud which serves as the main system for ACL, other ACL websites and applications are meant to be sub systems within. This allows for a multi-layer inheritance of security controls. Systems within ACL cloud are architected to have a multi-services approach to development which includes microservices, containerization, data streams, data storage, data lake synchronization, and Application Programming Interfaces (API).
The ACL Cloud includes a development, stage/test, and production environment. Currently, only EITS contractors would be able to access the backend resources and architecture based on role.
The ACL Cloud is a FISMA moderate information systems environment governed by the Administration for Community Living (ACL) Chief Information Officer (CIO) and Chief Information Security Officer (CISO) to meet federal requirements as defined by Office of Management and Budget guidance and directives, FIPS Publication 199, DoD Security Technical Implementation Guidelines (STIG) and Standards for Security Categorization of Federal Information and Information Systems which is based on National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision Five, Special Publication (SP) 800-30, Guide for Conducting Risk Assessments, and NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.
The services and applications leveraged for the infrastructure are FedRAMP authorized, and their security controls have been inherited. The ACL Federal Cloud is based on modern infrastructure and services and uses the zero-trust model for its identity and access management architecture.
ACL’s technology ecosystem includes a segmented development environment using the latest Azure DevOps suite, test/stage environments, and an internal and external production environment. The ACL OIRM has developed and implemented a cloud based microservices approach that moves us away from traditional Microsoft .NET and VM approaches. OIRM has migrated to more modern infrastructure and programing languages utilizing technologies such as containerization, meshed services, HTML5, JavaScript based coding such as node.js, React, Elastic, and RestfulAPIs connected to ACL’s data network consisting of data sources utilizing Data Factory, Data Lake, Logic App, SQL, MySQL, PostGresSQL, Mongo DB, Document DB, and Hadoop. Javascript based charts such as Highcharts, Google Maps, Power BI and ArcGIS are examples of a range of some data visualization tools deployed. ACL also works with Machine Learning (ML) and Artificial Intelligence (AI). ACL’s environment and architecture are tool agnostic and can support other analytic and data visualization tools if it integrates with ACL’s other services and overall portfolio.
In addition to the programming and infrastructure modernization, ACL also utilizes analytic and monitoring tools for site usage, site access, account monitoring, network/web traffic, accessibility, and security. Although ACL will not divulge its full technology architecture as part of the solicitation, all ACL systems are classified at the moderate data classification risk level, and ACL manages and enhances a set of robust, versatile, and latest generation services while securing its portfolio of systems and services. ACL leverages Microsoft Azure FedRAMP moderate controls, FedRAMP controls for the Microsoft Office 365 government cloud provided by HHS OCIO Operations, and ACL’s ongoing authorizations as it aligns to government regulations, mandates, System Technology Implementation Guide (STIGs) and in conjunction with Department of Homeland Security (DHS) Continuous Diagnostic and Mitigation (CDM) efforts and following National Institute of Standards and Technologies (NIST) specific controls such as the a minimum level of NIST 800-53 Revision 5. ACL’s Authority to Operate (ATO) includes the requirements for systems, services, and content to meet the Usability and Accessibility requirements established by the Web Content Accessibility Guidelines (WCAG 2.1) AA success criteria, and the need to comply with the most current rules enforcing Section 508 of the Rehabilitation Act.
All ACL systems are included in the scope of this requirement. ACL systems are intended to be hosted in the ACL cloud environment although several remain independently hosted. All systems and system changes (including any technical, design, accessibility, usability, data, privacy and security parameters, configurations, architecture, and services) must be approved by the designated ACL OIRM representative prior to deployment. This is intended to focus on security and operability at the onset to ensure a successful system authorization in terms of a continual Authority to Operate (ATO) as well as adhere to change control and release management protocols.
ACL has multiple systems that comprise the ACL Cloud. They are comprised of websites, reporting applications, data visualization applications, services, collaboration systems, task management systems, and technical assistance systems for awarded grants. Platforms used include Azure, Google Cloud, Gsuite Workplace, Okta, Huddle, ClickUp, Miro, Box, Zoom, SalesForce, Docusign, Google Analytics, High Charts, Power BI, Netskope, Cylance, Microsoft Teams, Microsoft O365, Zoom, Adobe Acrobat Pro, GitHub with Codespaces, Gloo, Azure DevOps, Microsoft Front Door, Microsoft Application Gateways, Microsoft Kubernetes Service (AKS), Azure Virtual Desktop, Bastian servers, Ubuntu, Windows Virtual Machines, Microsoft Data Factory, Microsoft Data Explorer, Elastic Search, Cosmos DB and a couple of legacy .NET applications.
Beyond ACL Cloud, ACL utilizes HHS services for networks services which include email, Government Furnished Equipment (GFE), Domain Name Services (DNS), physical access, and HHS accounts. In addition, ACL has a small number of systems that are considered external systems that need be migrated to ACL Cloud and services.

QUALIFICATIONS:

• 7-10 years of expertise in cloud infrastructure management, particularly with Azure.
• Experience in system administration and cloud services.
• Strong knowledge of security compliance and change management processes.
  EEO Statement:iCallidus is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate based on race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.