OpenShift Platform Engineer

Company Description

Join us and make YOUR mark on the World!

Are you interested in joining some of the brightest talent in the world to strengthen the United States’ security? Come join Lawrence Livermore National Laboratory (LLNL) where our employees apply their expertise to create solutions for BIG ideas that make our world a better place.

We are dedicated to fostering a culture that values individuals, talents, partnerships, ideas, experiences, and different perspectives, recognizing their importance to the continued success of the Laboratory’s mission.

Pay Range:

$140,700 – $178,392 Annually for the SES.2 level

$168,780 – $214,032 Annually for the SES.3 level

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting; pay will not be below any applicable local minimum wage. An employee’s position within the salary range will be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, and business or organizational needs.

Job Description

We have an opening for a OpenShift Administrator to design, implement, and manage the containerization infrastructure that supports enterprise applications for the NNSA’s business services and programmatic missions. This role is part of the Enterprise Infrastructure Services (EIS) Division within the Computing Directorate, supporting the NNSA Program.

As part of the EIS team, we are looking for an experienced OpenShift Administrator to provide ongoing maintenance and support for multiple Red Hat OpenShift platforms operating in secure air-gapped environments. In this role, you will work as part of a small, collaborative team responsible for managing several OpenShift clusters that host applications, enterprise integrations, utilities, and associated DevSecOps pipelines.

The responsibilities of this position include architecting and deploying application containerization solutions, as well as maintaining, patching, and upgrading existing OpenShift clusters. You will collaborate with Software Developers and Cloud Engineers to deploy, operate, and troubleshoot OpenShift-based services, while also maintaining and enhancing DevSecOps pipelines used for deploying software and configuration items. This role supports multiple sites across the country, including regions on the East, Central, and West Coasts, and occasional travel is required.

This position offers the opportunity to work in a dynamic and highly technical environment, supporting critical infrastructure for enterprise-level applications.

This position requires an on-site presence several days a week due to business needs, which means telecommuting opportunities will be limited.

In this role you will

• Design and implement highly available container infrastructures to support enterprise IT service delivery across private cloud environments.
• Utilize systems programming expertise to automate and manage service orchestration, monitoring, configuration management, security, and patch management for web applications, cloud services, containers, virtual servers, and COTS infrastructures.
• Collaborate with customers, IT managers, developers, team members, system administrators, database administrators, and security specialists to develop highly available container infrastructures and services that align with business and programmatic needs.
• Oversee systems architectures throughout their lifecycle, including risk analysis, capacity planning, architecture design, development, quality assurance, documentation, standards enforcement, implementation, upgrades, security compliance, vulnerability remediation, and performance monitoring.
• Perform day-to-day maintenance and support for multiple OpenShift clusters, ensuring functionality across dev/test, production, and disaster recovery environments.
• Configure OpenShift resources to meet ongoing and new development requirements, including patching and upgrades.
• Provide architectural guidance and subject matter expertise for OpenShift cluster configuration and setup.
• Perform other duties as assigned.

Additional responsibilities at the at the SES.3 Level

• Manage multiple advanced, parallel tasks and stakeholder priorities to ensure deadlines are met, leveraging team members’ skills effectively.
• Apply deep technical expertise to solve complex problems and develop innovative solutions, using sound judgment in determining methods, techniques, and evaluation criteria.
• Create tools and procedures to support advanced automation efforts and develop cross-platform/environment monitoring solutions.
• Maintain and enhance existing GitLab-based DevSecOps pipelines to support application deployment and configuration.

Qualifications

• Ability to obtain and maintain a US DOE Q-level security clearance which requires U.S. Citizenship.
• Bachelor’s degree in Computer Science, Software Engineering, Management Information Systems, or a related field, or an equivalent combination of education and relevant experience.
• Comprehensive experience in designing, implementing, managing, and supporting container service infrastructures, including monitoring, operational support, security, and lifecycle management.
• Extensive experience in systems programming to develop, configure, monitor, and automate the management of web applications, cloud services, containers, and COTS infrastructures, ensuring high availability and a strong security posture.
• Proven ability to work closely with customers, IT managers, developers, database administrators, systems administrators, and security specialists to design and deliver containerized infrastructures and services that align with business needs.
• Proficient verbal and written communication skills necessary for preparing and delivering presentations, articulating findings and recommendations, and influencing management decisions using data-driven insights.
• Comprehensive experience in installing, configuring, migrating, and upgrading OpenShift Container Platform clusters over multiple years.
• Significant experience in administering worker node configurations, including pod and node setup and Docker configurations, adding, deleting, updating labels, and listing pods and monitoring the health environments.
• Proficient knowledge of containers and container orchestration tools, including Red Hat Quay, Red Hat Advanced Cluster Management for Kubernetes (RHACM), Red Hat Advanced Cluster Security for Kubernetes, and the Portworx, with experience developing Ansible Playbooks for process automation and implementing authentication, role binding, and certificate installation.
• Expertise in hardening Red Hat Enterprise Linux Systems using DISA SCAP and STIG Viewer, as well as working on security baselines for products.
• Significant experience with VMware compute, storage, and network configurations as well as implementation experience of disaster recovery (DR) strategies at the Kubernetes level.
• Knowledge in setting up solutions with F5 LTM/GTMs to support large enterprise environments across multiple data centers.
• Experience creating next-generation application platform automation solutions using Red Hat OpenShift, Red Hat Ansible Automation, Docker, Kubernetes, and Podman.
• Expertise in applying security concepts, tools, and methodologies to mitigate system vulnerabilities in highly classified environments.
• Proficiency in scripting with BASH, Python, or Perl.
• Candidates with experience in other Kubernetes platforms, such as AWS EKS, VMware Tanzu, Docker Enterprise, or Rancher, will also be considered for this position.

Additional qualifications at the SES.3 Level

• Strong understanding of Infrastructure as Code (IaC) solutions.
• Advanced development experience with Docker, docker-compose, and Kubernetes.
• Hands-on experience in deploying and maintaining CI/CD solutions for DevSecOps, including GitLab CI and Jenkins.
• Familiarity with tools such as Git, Nexus, Jenkins, Jira, and Confluence.

Desired Qualifications

• A Master’s degree in Computer Science, Computer Engineering, or Management Information Systems.
• Hands-on experience with ingesting OpenShift logs into Splunk or a similar SIEM environment.
• Proven experience working in compliance-driven and secure environments, along with project management expertise in large-scale enterprise COTS application implementations.
• Relevant professional certifications or training, such as Red Hat Certified OpenShift Administrator or Certified Kubernetes Administrator (CKA).
• An active DOE Q or TS clearance is preferred, but not required.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Position Information

This is a Flexible Term appointment, which is for a definite period not to exceed six years. If final candidate is a Career Indefinite employee, Career Indefinite status may be maintained (should funding allow).

Why Lawrence Livermore National Laboratory?

• Included in 2025 Best Places to Work by Glassdoor!
• Flexible Benefits Package
• 401(k)
• Relocation Assistance
• Education Reimbursement Program
• Flexible schedules (*depending on project needs)
• Our core beliefs – visit https://www.llnl.gov/inclusion/our-values

Security Clearance

This position requires a Department of Energy (DOE) Q-level clearance. If you are selected, we will initiate a Federal background investigation to determine if you meet eligibility requirements for access to classified information or matter. Also, all L or Q cleared employees are subject to random drug testing. Q-level clearance requires U.S. citizenship. 

Pre-Employment Drug Test

External applicant(s) selected for this position must pass a post-offer, pre-employment drug test. This includes testing for use of marijuana as Federal Law applies to us as a Federal Contractor.

Wireless and Medical Devices

Per the Department of Energy (DOE), Lawrence Livermore National Laboratory must meet certain restrictions with the use and/or possession of mobile devices in Limited Areas. Depending on your job duties, you may be required to work in a Limited Area where you are not permitted to have a personal and/or laboratory mobile device in your possession. This includes, but not limited to cell phones, tablets, fitness devices, wireless headphones, and other Bluetooth/wireless enabled devices. 

If you use a medical device, which pairs with a mobile device, you must still follow the rules concerning the mobile device in individual sections within Limited Areas. Sensitive Compartmented Information Facilities require separate approval. Hearing aids without wireless capabilities or wireless that has been disabled are allowed in Limited Areas, Secure Space and Transit/Buffer Space within buildings.

How to identify fake job advertisements

Please be aware of recruitment scams where people or entities are misusing the name of Lawrence Livermore National Laboratory (LLNL) to post fake job advertisements. LLNL never extends an offer without a personal interview and will never charge a fee for joining our company. All current job openings are displayed on the Career Page under “Find Your Job” of our website. If you have encountered a job posting or have been approached with a job offer that you suspect may be fraudulent, we strongly recommend you do not respond.

To learn more about recruitment scams: https://www.llnl.gov/sites/www/files/2023-05/LLNL-Job-Fraud-Statement-Updated-4.26.23.pdf

Equal Employment Opportunity

We are an equal opportunity employer that is committed to providing all with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, religion, marital status, national origin, ancestry, sex, sexual orientation, gender identity, disability, medical condition, pregnancy, protected veteran status, age, citizenship, or any other characteristic protected by applicable laws.

Reasonable Accommodation

Our goal is to create an accessible and inclusive experience for all candidates applying and interviewing at the Laboratory. If you need a reasonable accommodation during the application or the recruiting process, please use our online form to submit a request. 

California Privacy Notice

The California Consumer Privacy Act (CCPA) grants privacy rights to all California residents. The law also entitles job applicants, employees, and non-employee workers to be notified of what personal information LLNL collects and for what purpose. The Employee Privacy Notice can be accessed here.

Read Full Description