Site Reliability Engineer (FedRAMP)

Marathon TS · United States · Remote
United States · Exp: 5+ yrs · 115,000-145,000 USD/yearly · Remote
Remuneration
115,000-145,000 USD/yearly
Location
United States · Remote
Visa sponsorship
Not specified

Job summary

Marathon TS is seeking a Senior Site Reliability Engineer to build and operate FedRAMP-authorized cloud environments across Azure, AWS, and GCP. This role focuses on execution, owning the build and upkeep of compliance-driven infrastructure, and acting as a Subject Matter Expert to resolve incidents and minimize service interruptions through automation.

Qualifications

  • Must be a U.S. Person (U.S. citizen, national, or lawful permanent resident).
  • 5+ years engineering and operating cloud infrastructure in enterprise or compliance-driven environments.
  • An active cloud certification is required (Azure preferred; equivalent AWS or GCP certifications are valued).
  • Strong, demonstrable proficiency with Terraform, including module design and remote state management.
  • Deep hands-on experience administering RHEL 8/9 and other Linux distributions in cloud environments.
  • Working proficiency administering Windows Server in enterprise/cloud environments.
  • Proven scripting expertise (Python, Bash) and configuration management experience (Ansible or equivalent).
  • Working knowledge of NIST 800-53, FedRAMP, or DoD SRG/STIGs.
  • Direct experience supporting a FedRAMP authorization or having been through a 3PAO assessment is highly desirable.
  • Hands-on experience with HashiCorp Packer for golden image pipelines.
  • Experience managing and securing containerized workloads (Kubernetes/EKS/AKS/GKE, Docker).
  • Familiarity with compliance-as-code tools (Chef InSpec, OpenSCAP, Osquery) and vulnerability scanners (Nessus/Tenable, Rapid7).
  • Active Secret or Top Secret clearance (or eligibility) is a plus.
  • Methodical, compliance-driven mindset that refuses to cut corners on security.
  • Ability to fix processes that caused errors, not just the errors themselves.
  • Strong documentation skills, able to clearly explain root cause analysis in writing.
  • Thrives in a remote environment and can manage time and priorities effectively.

Responsibilities

  • Execute the build, configuration, and ongoing maintenance of FedRAMP boundary environments across Azure, AWS, and GCP, ensuring high availability, performance, and reliability.
  • Define, provision, and manage infrastructure using Terraform as the primary Infrastructure as Code tool.
  • Build immutable, reproducible environments and move away from manual configuration.
  • Design and maintain hardened, golden machine images using HashiCorp Packer, aligned to CIS Benchmarks and DISA STIGs.
  • Administer and maintain RHEL 8/9 and Windows Server systems in cloud-only environments, including patching, configuration, and lifecycle management.
  • Automate and optimize patch management.
  • Track, remediate, and report vulnerabilities within strict FedRAMP SLAs.
  • Operate continuous monitoring and logging stacks, managing alerts and pipelines to ensure proactive system health.
  • Participate in a shared on-call rotation for production FedRAMP environments, responding to availability, performance, and security incidents within defined SLA windows.
  • Build, test, and maintain secure baseline images and configurations compliant with CIS Benchmarks and DISA STIGs.
  • Implement automated compliance monitoring and remediation guardrails using cloud-native and third-party tooling (e.g., AWS Config, Security Hub, Azure Policy, OpenSCAP, Cloud Custodian).
  • Ensure systems align with FedRAMP, NIST 800-53, CMMC, and RMF requirements.
  • Automate the collection of evidence for audits, writing scripts and tooling that demonstrate security posture and reduce manual effort.
  • Write and maintain robust scripts (Bash, Python, Go) to automate provisioning, auditing, monitoring, and reporting tasks.
  • Integrate compliance checks, container scanning, and security guardrails into CI/CD pipelines (GitHub Actions, GitLab CI, Azure DevOps, or equivalent).
  • Collaborate with the Engineering Manager, lead engineers, and security analysts to deliver and operate environments; provide technical guidance to junior team members as needed.

Skills

AKS, Ansible, AWS, Azure, Azure DevOps, Bash, Chef, Docker, EKS, GCP, GitHub, GitHub Actions, GitLab, GitLab CI, GKE, Go, Kubernetes, Linux, Packer, Python, RHEL, Terraform, Windows, Windows Server

Certifications

Azure (AZ-104 / AZ-305), AWS certifications, GCP certifications, RHCE, HashiCorp Terraform Associate, CKA, AWS/GCP/Azure specialty certifications

Degrees

Bachelor's

Security clearance

Secret, Top Secret

Relocation

No