Posted 3 weeks ago
Secret
$160,000 - $175,000
Unspecified
Remote/Hybrid• (Off-Site/Hybrid)
Zachary Piper is seeking an experienced CANES Platform Architect to lead the design, integration, and implementation of the Next Generation CANES architecture. This role is responsible for defining and governing the shipboard and shore-based platform architecture that consolidates hosting, networking, security, and automation-leveraging Red Hat OpenShift as the primary platform.
The architect will drive the transition from legacy, hardware-dependent CANES implementations to a modular, OpenShift-first, automation-driven architecture. This includes enabling containerized workloads, integrating OpenShift Virtualization for legacy virtual machines, and implementing model-driven network and security operations. The position is highly technical and hands-on, spanning compute, storage, network, and security domains, while ensuring compliance with CANES tenets, PMW-160 guidance, RMF requirements, and fleet operational constraints.
*Candidates must hold an active Secret Clearance to be considered*
________________________________________
Key Responsibilities
Platform Architecture and Design
• Lead end-to-end technical architecture for CANES Next Generation across shipboard and shore environments.
• Ensure architectural consistency across Unit Level, Force Level, submarine, and small platform variants.
• Define reference architectures, design patterns, and constraints to enable modularity, scalability, and repeatable pier-side installation.
OpenShift-First Hosting Strategy
• Architect and govern the use of Red Hat OpenShift as the primary hosting platform, supporting containers and virtual machines side by side via OpenShift Virtualization.
• Define workload placement, enclave-specific cluster topology, and migration strategies to ensure seamless transition from legacy CANES without operational disruption.
Virtualization and Legacy Workload Integration
• Develop and oversee technical approaches for sustaining and migrating VMware-based and bare-metal workloads into OpenShift Virtualization.
• Define VM lifecycle management, live migration strategies, backup/recovery integration, and operational boundaries between legacy and cloud-native workloads.
Automation and Infrastructure as Code
• Establish and enforce Infrastructure as Code (IaC) and GitOps principles across CANES Next Generation.
• Architect day-0, day-1, and day-2 automation using Ansible Automation Platform, integrated with shore-to-ship governance models.
• Ensure automation supports installation, upgrades, compliance enforcement, rollback, and evidence capture.
Modular Hardware and CEG Integration
• Define how modular hardware building blocks and CyKor Equipment Groups (CEGs) integrate into the platform architecture.
• Ensure compute, storage, and network modules are pre-validated, self-describing, and capable of rapid installation, replacement, and lifecycle refresh without redesign.
________________________________________
Required Qualifications
• Primary Expertise:
o Deep expertise in Red Hat OpenShift and Kubernetes, including cluster architecture, operators, upgrades, lifecycle management, and multi-cluster operations in constrained or disconnected environments.
• Virtualization:
o Hands-on experience with OpenShift Virtualization and KubeVirt, including VM lifecycle management, live migration, backup/restore, and migration from VMware or other legacy hypervisors.
• Automation:
o Advanced experience with Ansible Automation Platform for orchestration, configuration management, and platform lifecycle automation in highly governed environments.
• Operating Systems & Security:
o Strong experience with RHEL and Red Hat CoreOS, platform hardening, and secure configuration management.
o Solid understanding of container and VM security controls, identity integration, and compliance enforcement.
• Experience Level:
o Minimum 8 years in platform architecture, systems engineering, or infrastructure engineering roles, with proven success leading complex platform transformations in mission-critical or regulated environments.
________________________________________
Preferred Qualifications
• Experience with Navy CANES, ADNS, or other DoD tactical network programs.
• Familiarity with Cisco NSO and model-driven network configuration management.
• Expertise in designing platforms for disconnected, intermittent, or bandwidth-constrained environments.
• Strong background in DevSecOps pipelines and controlled software delivery environments.
• Ability to produce clear technical documentation for formal design reviews and government stakeholders.
________________________________________
Compensation:
• Salary Range: $160,000 - $175,000 (depending on experience)
• Full Benefits: Medical, Dental, Vision, 401K, PTO, Sick Leave, and Holidays. (As required by law)
#LI-BR1
LI-Remote
Keywords:
CANES, DevSecOps, Infrastructure-as-Code, IaC, Network Automation, Ansible, Terraform, Python, GitOps, CI/CD, Navy, Afloat Networks, Zero Trust, RMF, DISA STIG, Compliance-as-Code, VMware vSphere, Cisco IOS-XE, Cisco NX-OS, Virtualization, Kubernetes, Containers, Git, YAML, Jinja2, Automated Testing, Linting, Idempotence, Schema Validation, ACAS, Vulnerability Management, PKI, CAC, Security+, CISSP, CASP+, Cisco DevNet, CCNP, CCIE, RHCE, Ansible Certification, CKA, CKAD, GitLab, Jenkins, GitHub Actions, Artifact Repositories, Code Signing, SBOM, Disaster Recovery, Navy PMW, Navy Pipelines, DoD Clearance
The architect will drive the transition from legacy, hardware-dependent CANES implementations to a modular, OpenShift-first, automation-driven architecture. This includes enabling containerized workloads, integrating OpenShift Virtualization for legacy virtual machines, and implementing model-driven network and security operations. The position is highly technical and hands-on, spanning compute, storage, network, and security domains, while ensuring compliance with CANES tenets, PMW-160 guidance, RMF requirements, and fleet operational constraints.
*Candidates must hold an active Secret Clearance to be considered*
________________________________________
Key Responsibilities
Platform Architecture and Design
• Lead end-to-end technical architecture for CANES Next Generation across shipboard and shore environments.
• Ensure architectural consistency across Unit Level, Force Level, submarine, and small platform variants.
• Define reference architectures, design patterns, and constraints to enable modularity, scalability, and repeatable pier-side installation.
OpenShift-First Hosting Strategy
• Architect and govern the use of Red Hat OpenShift as the primary hosting platform, supporting containers and virtual machines side by side via OpenShift Virtualization.
• Define workload placement, enclave-specific cluster topology, and migration strategies to ensure seamless transition from legacy CANES without operational disruption.
Virtualization and Legacy Workload Integration
• Develop and oversee technical approaches for sustaining and migrating VMware-based and bare-metal workloads into OpenShift Virtualization.
• Define VM lifecycle management, live migration strategies, backup/recovery integration, and operational boundaries between legacy and cloud-native workloads.
Automation and Infrastructure as Code
• Establish and enforce Infrastructure as Code (IaC) and GitOps principles across CANES Next Generation.
• Architect day-0, day-1, and day-2 automation using Ansible Automation Platform, integrated with shore-to-ship governance models.
• Ensure automation supports installation, upgrades, compliance enforcement, rollback, and evidence capture.
Modular Hardware and CEG Integration
• Define how modular hardware building blocks and CyKor Equipment Groups (CEGs) integrate into the platform architecture.
• Ensure compute, storage, and network modules are pre-validated, self-describing, and capable of rapid installation, replacement, and lifecycle refresh without redesign.
________________________________________
Required Qualifications
• Primary Expertise:
o Deep expertise in Red Hat OpenShift and Kubernetes, including cluster architecture, operators, upgrades, lifecycle management, and multi-cluster operations in constrained or disconnected environments.
• Virtualization:
o Hands-on experience with OpenShift Virtualization and KubeVirt, including VM lifecycle management, live migration, backup/restore, and migration from VMware or other legacy hypervisors.
• Automation:
o Advanced experience with Ansible Automation Platform for orchestration, configuration management, and platform lifecycle automation in highly governed environments.
• Operating Systems & Security:
o Strong experience with RHEL and Red Hat CoreOS, platform hardening, and secure configuration management.
o Solid understanding of container and VM security controls, identity integration, and compliance enforcement.
• Experience Level:
o Minimum 8 years in platform architecture, systems engineering, or infrastructure engineering roles, with proven success leading complex platform transformations in mission-critical or regulated environments.
________________________________________
Preferred Qualifications
• Experience with Navy CANES, ADNS, or other DoD tactical network programs.
• Familiarity with Cisco NSO and model-driven network configuration management.
• Expertise in designing platforms for disconnected, intermittent, or bandwidth-constrained environments.
• Strong background in DevSecOps pipelines and controlled software delivery environments.
• Ability to produce clear technical documentation for formal design reviews and government stakeholders.
________________________________________
Compensation:
• Salary Range: $160,000 - $175,000 (depending on experience)
• Full Benefits: Medical, Dental, Vision, 401K, PTO, Sick Leave, and Holidays. (As required by law)
#LI-BR1
LI-Remote
Keywords:
CANES, DevSecOps, Infrastructure-as-Code, IaC, Network Automation, Ansible, Terraform, Python, GitOps, CI/CD, Navy, Afloat Networks, Zero Trust, RMF, DISA STIG, Compliance-as-Code, VMware vSphere, Cisco IOS-XE, Cisco NX-OS, Virtualization, Kubernetes, Containers, Git, YAML, Jinja2, Automated Testing, Linting, Idempotence, Schema Validation, ACAS, Vulnerability Management, PKI, CAC, Security+, CISSP, CASP+, Cisco DevNet, CCNP, CCIE, RHCE, Ansible Certification, CKA, CKAD, GitLab, Jenkins, GitHub Actions, Artifact Repositories, Code Signing, SBOM, Disaster Recovery, Navy PMW, Navy Pipelines, DoD Clearance
group id: 10430981
