Clearance Jobs

Senior JBoss Engineer

Clearance Jobs, Washington, District Of Columbia, United States, 20001

This position is located in Washington, DC and will be a remote position with intermittent visits to customer location.

Required Skills and Experience:
- Experience with JBOSS, Java EE applications, Red Hat
- In-depth knowledge of Artifactory
- Proven experience with DevSecOps Engineering

Clearance Required: Must be able to obtain and maintain AOUSC Public Trust

Responsibilities:

JBOSS
- Install JBoss EAP on supported platforms (Linux, RHEL, Windows).
- Configure in standalone or domain mode, depending on architecture needs.
- Apply Red Hat-supported RPMs or ZIP installations and ensure compliance with licensing.
- Deploy and manage Java EE applications (WAR/EAR) via:
  - Management CLI
  - Admin Console
  - Automation scripts (Ansible, shell)
- Enable rolling deployments, hot deployment
- Set up HTTPS/SSL with trusted certificates and secure keystores.
- Enforce RBAC (Role-Based Access Control) using the management realm.
- Configure security domains, JAAS, and Elytron security (modern Red Hat EAP security subsystem).
- Manage key EAP subsystems:
  - Datasources (JDBC)
  - JMS (ActiveMQ Artemis)
  - Web (undertow)
  - EJB, JPA, JAX-RS, JTA, JNDI
- Modify configurations via:
  - Management CLI
  - xml or domain.xml
  - JBoss Management API
- Monitor JVM and application performance with tools like:
  - JConsole
  - JMC (Java Mission Control)
  - JBoss CLI
- Tune JVM options, garbage collection, connection pools, and thread pools.
- Analyze logs (server.log, boot.log) and configure log rotation and log levels.
- Apply Red Hat-provided patches and updates using RHSM or offline methods.
- Maintain backup procedures for:
  - Configuration files
  - Deployed apps
  - Domain/host controllers (in domain mode)
- Prepare and test disaster recovery procedures and environment restoration.
- Integrate JBoss EAP with Red Hat AMQ
- Connect to external systems like databases, message brokers, or logging systems (ELK stack).
- Maintain up-to-date documentation on:
  - Configuration changes
  - System architecture
  - Patching history
- Implement audit logging and track changes for compliance.
- Work with DevSecOps teams to ensure EAP adheres to security best practices.
- Troubleshoot:
  - Deployment failures
  - Classloading conflicts
  - Transaction rollbacks
  - Application or subsystem crashes
- Interface with Red Hat Support via the Customer Portal and create support cases when needed.
- Automate tasks using:
  - Ansible (especially Red Hat Certified Collections)
  - JBoss CLI scripting
  - Shell/Python scripts
- Integrate EAP deployments with CI/CD pipelines (Jenkins, GitLab, Tekton).
- Support EAP clustering, session replication, and high availability.
- Manage load balancing with Apache HTTPD, mod_cluster, or HAProxy.
- Manage SSL certificates and domain configurations, ensure SSL certificates are renewed in a timely manner
- Stay up-to-date with JBOSS releases and new features.
- Execute, test, and document upgrade procedures in lower and production environments

Artifactory
- Deploy and configure Artifactory instances, ensuring they meet organizational requirements for scalability and high availability.
- Tune Artifactory settings, implement caching strategies, and optimize storage solutions to enhance performance and scalability.
- Utilize tools like Prometheus, Grafana, and JFrog Mission Control to monitor system health, set up alerts, and ensure continuous operation.
- Define and manage user roles and permissions to control access to repositories and artifacts, ensuring security and compliance.
- Integrate Artifactory with LDAP, SSO, or other authentication systems to streamline user management.
- Integrate JFrog Xray with Artifactory to scan artifacts for security vulnerabilities and license compliance.
- Implement fine-grained access control using users, groups, permissions, and permission targets.
- Ensure that backups are encrypted and access-controlled to prevent unauthorized access to sensitive data.

Pipeline Integration:
- Integrate Artifactory with CI/CD tools like Jenkins, GitLab CI, and others to automate artifact storage and retrieval.
- Implement processes to promote artifacts through different stages of the development lifecycle, such as development, staging, and production.
- Develop scripts to automate routine tasks, such as repository cleanup and artifact promotion.
- Set up and manage local, remote, virtual, and federated repositories to organize and control access to artifacts.
- Regularly clean up repositories by removing obsolete artifacts and optimizing storage usage.
- Configure repository replication and federated repositories to ensure consistent access to artifacts across geographically distributed teams.
- Monitor the health and performance of Artifactory instances using integrated monitoring tools.
- Generate reports on repository usage, artifact storage, and user activity to inform decision-making.
- Set up proactive alerting mechanisms to detect and resolve issues promptly.
- Apply security patches and updates in a timely manner.

DevSecOps Engineering:
- Embed security checks into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
- Automate code scanning, dependency scanning, and container image scanning.
- Integrate tools like:
  - SAST (Static Application Security Testing), e.g., SonarQube, Fortify
  - DAST (Dynamic Application Security Testing), e.g., OWASP ZAP, Burp Suite
  - SCA (Software Composition Analysis), e.g., Snyk, WhiteSource, Black Duck
- Promote secure coding practices via developer training and secure coding guidelines.
- Define and enforce security policies for app configuration, secrets, encryption, etc.
- Use Infrastructure as Code (IaC) tools like Terraform or Ansible securely.
- Scan IaC templates for misconfigurations (e.g., with Checkov, tfsec, Terrascan).
- Secure cloud resources (AWS, Azure, GCP) using Cloud Security Posture Management (CSPM) tools.
- Set up IAM policies, network segmentation, and encryption at rest/in transit.
- Participate in threat modeling sessions with development teams.
- Identify potential attack vectors in the architecture (e.g., privilege escalation, insecure APIs).
- Prioritize and remediate identified risks based on severity and impact.
- Monitor and manage vulnerabilities in Code, Containers, Dependencies, Infrastructure.
- Integrate tools like Trivy, Clair, Aqua, or Anchore into pipelines.
- Track vulnerability metrics, triage findings, and enforce SLAs for remediation.
- Harden container images using minimal base images and security scanning.
- Enforce policies using tools like OPA/Gatekeeper, Kyverno, or PodSecurity Standards.
- Configure Kubernetes RBAC, network