Senior Systems Engineer

We are seeking an Senior Systems Engineer to lead production readiness for a regulated AWS/EKS platform that stores, processes, or transmits sensitive PII/PHI data. This role is critical to building and operating secure, resilient, and audit-ready cloud infrastructure across EKS and supporting platform services.

 

This Senior Systems Engineer will partner closely with Platform Engineering, Security, Compliance, and Data teams to implement controls spanning Kubernetes hardening, network segmentation, identity and access management, encryption, observability, incident response readiness, and disaster recovery.

 

Key Responsibilities:

• Strong networking and security expertise is required.
• Design, implement, and operate production AWS/EKS infrastructure for regulated workloads.
• Lead network security architecture, including VPC segmentation, private connectivity, egress controls, DNS restrictions, security groups, NACLs, and Kubernetes NetworkPolicies.
• Implement and enforce zero-trust principles for east-west and north-south traffic.
• Secure EKS clusters and workloads through least privilege IAM/IRSA, hardened node baselines, pod security controls, admission policies, and runtime monitoring.
• Implement and maintain encryption controls for data in transit and at rest, including KMS key management and secret envelope encryption.
• Manage TLS certificate lifecycle (issuance, renewal, rotation, revocation), and enforce trusted certificate signing/chain validation processes across platform and application traffic.
• Partner with teams to secure private Snowflake connectivity and identity-bound service access from EKS workloads.
• Operationalize secure platform tooling (Argo CD, Vault, Istio, Grafana, Neo4j), including RBAC, service isolation, audit logging, and break-glass procedures.
• Build and maintain centralized logging, monitoring, SIEM integration, and alerting for security and compliance events.
• Drive vulnerability management and patching programs with severity-based SLAs and exception tracking.
• Support backup/restore testing, DR exercises, and production readiness evidence collection.
• Produce and maintain audit-ready control evidence and documentation for internal/external assessments.

Required Qualifications:

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Infrastructure/platform engineering experience in cloud production environments.
• Hands-on Kubernetes operations in production; Amazon EKS strongly preferred.
• Deep expertise in networking: VPC architecture, private endpoints/PrivateLink patterns, routing, ingress/egress control, and traffic isolation.
• Deep expertise in security engineering: IAM least privilege, secrets management, encryption, key management, TLS certificate management, certificate signing processes, logging, and incident response controls.
• Proven experience implementing infrastructure controls for sensitive or regulated data environments (PII/PHI).
• Experience with infrastructure as code and GitOps deployment workflows.
• Strong collaboration and communication skills across technical and non-technical stakeholders.
• Ability to work independently.
• Ability to obtain a Public Trust clearance.
• US Citizenship is required.

Preferred Qualifications:

• FedRAMP experience is strongly preferred (authorization lifecycle, control implementation, SSP/evidence support, and continuous monitoring).
• Experience with HashiCorp Vault, Argo CD, Istio service mesh, and Grafana in production.
• Familiarity with NIST 800-53, NIST CSF, CIS Benchmarks, HITRUST, and HIPAA-aligned security controls.
• Experience integrating AWS security services (e.g., CloudTrail, Config, Security Hub, GuardDuty) into centralized operations.
• Snowflake security/connectivity experience in regulated environments.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

$104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.