Infrastructure Automation Engineer (37387823)

Description:

Key Responsibilities

• Provisioning & Templates
• Extend existing production Aria Automation environment with new virtual machine templates for SSM and SentinelOne self-registration
• Build reusable, parameterized templates across Aria Automation, Terraform, and Ansible
• Support for all three OS types: Windows, Linux, and macOS (Intel-based)
• Integrate with existing CI-driven provisioning and deprovisioning workflows already in place
• Treat the existing production environment with care — validate all changes in non-production before any production promotion. Attention to detail and clear team communication of possible clear assessment of production impact it imperative.
• AWS SSM Integration
• Automate SSM Agent installation and registration as part of every provisioning workflow
• Configure hybrid activation codes for all on-premises (non-EC2) targets across all OS types
• Validate SSM registration before marking provisioning complete
• SentinelOne Integration
• Automate SentinelOne agent installation and silent deployment for Windows, Linux, and macOS.
• Develop hands-off integration with SentinelOne so that any defined exclusions are in place at SentinelOne installation time.
• Confirm agent check-in as a provisioning completion gate.
• Security Team Collaboration
• Work directly with the internal Security group to define and validate required exclusion sets.
• Work directly with internal security group to define system integration for up-front exclusions activation process.
• Collaborate with Security to develop and document a formal exclusions process — covering what exclusions are permissible, how they are requested, reviewed, and approved.
• GitLab & CI/CD Pipeline Development
• Maintain all code in GitLab with regular, meaningful check-ins, pull requests and regular reviews with team.
• Follow generally accepted software development practices: branching strategies, merge requests, commit hygiene, and code review
• Build and maintain GitLab CI pipelines for linting, validation, testing, and deployment of provisioning and migration code
• Implement pipeline stages for Dev, Staging, and Production promotion with appropriate approval gates
• Use Artifactory to store and retrieve binary dependencies.
• Organize repositories clearly so the internal team can understand, maintain, and extend the work after the engagement ends.
•  
• Skills:    
• Required Skills
• Area
• Requirement
• Aria Automation
• Hands-on experience with production VMware Aria / vRealize Automation 8.x environments; Cloud Assembly, ABX or vRO
• Terraform
• Proficient with HCL, modules, state management; vSphere, AWS, and Proxmox providers
• Ansible
• Experience writing playbooks and roles for OS configuration, agent deployment, and migration tasks
• AWS SSM
• Hands-on with SSM Agent deployment, hybrid activations for on-premises targets, and IAM configuration
• SentinelOne
• Experience with agent deployment across Windows, Linux, and macOS; Management Console API
• Proxmox
• Familiarity with Proxmox VE administration, VM/template management, storage, and networking
• VMware Migration
• Experience exporting VMware VMs and converting to KVM/QEMU-compatible formats
• Migration Tooling
• Familiarity with virt-v2v, qemu-img, or equivalent VMware-to-KVM conversion tooling
• macOS Automation
• Experience automating agent deployment and configuration on Intel-based macOS
• GitLab
• Comfortable with GitLab repo management, branching, merge requests, and regular check-in discipline
• GitLab CI
• Proficient building .gitlab-ci.yml pipelines with multi-stage, multi-environment deployments
• Artifactory
• Familiarity with JFrog Artifactory for artifact storage and pipeline integration
• Secret Management
• Experience integrating with 1Password Vaults for secret retrieval in scripts and pipelines
• Scripting
• Proficient in Bash, Python, and/or PowerShell
• Collaboration
• Proactive communicator — comfortable asking questions, raising risks early, and working closely with a team leader and infrastructure team
• Security Collaboration
• Demonstrated ability to work cross-functionally with Security teams on exclusion processes and token governance
•  
• Nice to Have
• Experience with Packer for building Proxmox or VMware VM templates
• Familiarity with HashiCorp Vault or AWS Secrets Manager
• Prior work in security-conscious environments (SOC 2, FedRAMP, etc.)
• Experience with large-scale VMware-to-KVM or VMware-to-Proxmox migrations
• Experience with GitLab Environments and deployment tracking
• Experience integrating provisioning or migration workflows with ITSM tools (e.g., ServiceNow)
•  
• 1
• Environment access; review of existing Aria Automation setup and CI workflows; full VM inventory and VMware dependency assessment begins; initial Security team meeting; GitLab repo and Artifactory structure established
•  
• 2
• Aria Automation templates with SSM + SentinelOne registration working in non-prod for Windows and Linux; first Security review checkpoint; GitLab CI pipeline validating templates
•  
• 3
• macOS (Intel) provisioning integration complete; Terraform and Ansible equivalents with full GitLab CI pipeline promotion workflow
• 4
• Exclusions process documented and approved by Security; all token handling via 1Password validated; artifacts managed through Artifactory
• 5
• Proxmox capacity planning complete; Proxmox environment validated as migration target; migration script toolkit v1 complete; non-production migration runs executed and validated
• 6
• Migration scripts hardened with error handling, rollback, and post-migration validation; production migration pipeline ready with change management gates
• 7
• All documentation and runbooks delivered; Proxmox platform readiness report; migration runbook finalized; knowledge transfer completed

​​​​​​​Key Constraints

• Availability during US business hours (west coast) with reliable overlap for team meetings and Security review sessions
• All code must be in GitLab with regular, meaningful check-ins.
• All exclusions must be reviewed and approved by the internal Security team before implementation
• Agent installers and dependencies must be sourced through Artifactory — not pulled directly from the internet during pipeline runs
• Live migration is preferred — downtime migrations require prior coordination and agreement with affected end-users
• Contractor must proactively self-review for VMware-specific dependencies and consult with the team leader before proceeding with any uncertain migration
• Production migrations must follow internal change management processes with documented rollback procedures
• All work product is owned by the organization upon engagement close
•  
• Working Style Expectations
• Ask early, ask often — the team leader is available and expects the contractor to raise questions and concerns proactively rather than making assumptions.
• Self-sufficient enough to identify and research VMware-specific edge cases independently, but collaborative enough to validate findings with the team before acting. Recommendations and thoughts are welcome to discuss to make final decisions in a clear and open communication environment.
• Treat the production environments (5 years, 300TB, 1,500–2,000 VMs) with appropriate care — no production changes without validation and team alignment.
• Code should be written as if the internal team will maintain it after the engagement ends — readable, documented, and well-organized