DM-26173
DSTG requires Network architect/administrator to provide network design and system administration services for a heterogeneous, standalone network, providing virtualised Linux and Windows servers, with a small physical desktop footprint.
You will be responsible for
- Contributing to the design of a standalone network to support virtualised Linux and Windows services, as well as Windows desktops,
- Contributing to the design of a GitOps network administration process, utilising tools such as Terraform, Ansible, Puppet, GitLab, HashiCorp Vault, Docker and Kubernetes,
- The generation of governance documentation to support network accreditation including but not limited to a CONOPS, High Level Design, System Security Plan, Continuous Monitoring Plan, Incidence Response Plan, and Information Assurance Procedures, Standard Operating Procedures,
- Implementation of security controls defined by the relevant security standards, including the PSPF, ISM and NIST 800 series publications,
- Development of scripts, resource configuration and automations to deploy and maintain network services in an auditable, reproducible manner,
- Ensuring that all hosts on the network are appropriately maintained and patched in accordance with processes defined in governance documentation,
- Managing network compute and virtualisation services (VMWare, Proxmox, Nutanix, Xen, etc),
- Managing network identity services (Active Directory/LDAP), access controls, group policies and account management
- Managing network services to support software development and simulation activities (Artifactory, GitLab, SonarQube, etc)
- Managing network productivity services (i.e. a Wiki, Chat service, etc)
- Managing network storage services (NAS/SAN, and performing backups as required)These responsibilities may change as the requirements of the network change from time to time.
You must have Negative Vetting 2 (NV2) security clearance.
Please submit the following documents to [email protected] or call 02 61568770.
- Cover page specifying candidate suitability for the nominated role (max 1000 words).
- Up to date Resume
- Response to selection criteria (max 2 pages).
- Two referees, including role relationship and contact details – note: contact with referees will only be made after interviews are conducted and if required
- Have sound interpersonal skills, including the ability to work productively and collaboratively as a member of a team;
- Have the ability to develop strong working relationships across multiple business areas and recommend or co-ordinate efforts to deliver fit-for-purpose and timely outcomes;
- Contribute positively to the outcomes of highly functional teams;
- Have the ability to communicate clearly and effectively with both colleagues and clients at multiple organisational levels;
- Have well-developed internal and external customer relationship management skills;
- Have demonstrated effective written, verbal communication, effective listening and problem-solving skills;
- Be able to respond positively to challenging work and deadlines;
- Have developed proficiency in time management, including the ability to prioritise and manage multiple concurrent tasks;
- Be proficient in troubleshooting, investigation and reverse engineering of complex and undocumented systems; and
In addition to the General Requirements above, the following technical experience and skills are desirable:
Highly Desirable Criteria:
- Demonstrated experience with Linux administration. RedHat experience preferred.
- Demonstrated experience in both Windows Server and Desktop administration – Active Directory, Group Policy, Account management, Powershell, WSUS, system patching
- Demonstrated experience with infrastructure-as-code tools such as Terraform
- Demonstrated experience with configuration-as-code tools such as Ansible, Puppet or Chef
- Demonstrated experience with containerisation technologies such as Docker, Podman
- Demonstrated experience with container orchestration technologies such as Kubernetes, OpenShift
- Demonstrated experience using version control systems such as git
- Demonstrated experience designing highly secure networks in consultation with the ISM or NIST 800 series publications and developing security governance documentation to support engagement with and accreditation by relevant ICT authorities
- Demonstrated experience establishing GitOps workflows for network administration and continuous integration pipelines
- Software development experience or experience developing scripts to automate system administration tasks, with languages such as Bash, Python and Powershell would be highly beneficial
- Demonstrated experience managing network services such as Network Attached Storage (NAS) servers and/or Storage Attached Networks (SANs)
- Demonstrated experience managing virtualisation technologies such as VMWare, Nutanix, Proxmox or Xen
- Demonstrated experience deploying and managing software development support services such as Artifactory, GitLab, HashiCorp Vault, etc.
You shall undertake the work in the following deliverables:
Deliverable 0: Ongoing Network Administration
In accordance with the procedures developed to support network accreditation, provide ongoing network administration services, including but not limited to:
- User account management
- End-user support
- Access control management
- Continuous service monitoring and administration
- Maintenance of change configuration
- Continuous review and development of existing infrastructure
- Maintain systems administration, security and network documentation
- Regular patching and update management including network services, desktop applications and operating system images
- Management of network storage solutions, including back ups
Deliverable 1: Monthly Progress Reports
Contribute to written reports every month, including:
- Progress against requirements
- Resource metrics
- Requirements refinement
- Identified risks and issues
- Upcoming activities and priorities
Deliverable 2: Capability Demonstration and Delivery of Artefacts
At end of contract period a demonstration of products developed will be delivered on a Defence accredited environment. The developed source code and documentation artefacts will be delivered in a form such that they can continue to be worked on by potentially other teams (for example source code in git, and documentation in restructured text or markdown)
Deliverable 3: Governance Documentation
Drive the generation of network accreditation governance documentation, including but not limited to:
- Concept of Operations (CONOPS)
- Network High Level Design
- System Security Plan
- Continuous Monitoring Plan
- Incidence Response Plan
- Information Assurance Procedures, and
- Standard Operating Procedures
Deliverable 4: Functional Network
Contribute to the implementation of the network described in the governance documentation to demonstrate the designed network implements the necessary security controls and satisfies accreditation requirements.
Deliverable 5: Accredited Network
Engage with the relevant accreditation authorities to ensure that the network is accredited in accordance with the network requirements.
Offer ended on 27.10.2024