ROLE SUMMARY
NOTE: This position is a hybrid working environment from one of our 3 major US based offices: Houston, Miami, Reston VA.
The Senior RHEL engineer will own the OS and container platform behind our on-premises energy-management deployments. You'll build and harden the tailored RHEL image and the containerized Ignition SCADA workload running on industrial PCs across U.S. data-center sites, and act as our deep RHEL authority and L3 escalation point. This is a platform-engineering and expertise role - not field installation.
You will own our OS architectures, container builds and configuration, and the runtime that hosts Ignition, while the SCADA team owns everything configured inside Ignition (tags, screens, logic). On the network side, the host firewall and OS-level networking (interfaces, routing, DNS, firewalld/nftables) are yours, while the physical and site network beyond the host NIC belongs to Operational Technology (OT). Travel to third-party data-center sites is for troubleshooting and support only. The separate OT team commissions and deploys every machine, so you won't install systems in the field.
RESPONSIBILITIES
- Build, version, and maintain a reproducible, turnkey RHEL image tailored to the SCADA host's needs (time sync, firewall/ports, storage, service ordering, resource tuning).
- Own the SCADA container image end to end: Containerfile, base image, JVM, persistence, ports, hardening, scanning, and registry.
- Run containers as systemd services via Podman and quadlets.
- Harden the OS and images to a recognized baseline (CIS/STIG) and define a patching and lifecycle strategy for OT uptime and restricted/disconnected sites (offline/mirrored registry).
- Troubleshoot full-stack - OS, container runtime, and application runtime behavior - remotely and on-site, handing off application-level issues to the SCADA team.
- Own host-level networking and firewall configuration (interfaces, routing, DNS, firewalld/nftables, and port exposure for the SCADA container), and lead connectivity troubleshooting between the host and site infrastructure.
- Document runbooks for the OT team and help define the connectivity and security posture.
- Maintain the Windows image pipeline (Packer-based) in steady state once established: periodic patching, hardening updates, and image rebuilds.
MUST-HAVE QUALIFICATIONS:
- 7+ years of senior, hands-on production RHEL/Linux engineering.
- Container-native delivery: Podman, quadlets/systemd, building and owning container images (including packaging a JVM-based app such as Ignition), and registry management.
- Reproducible, turnkey, versioned RHEL image building (bootc, Kickstart, Image Builder/osbuild, or Ansible-driven).
- OS and image hardening to a recognized baseline (CIS/STIG).
- Patch and lifecycle management for restricted/disconnected environments, including offline/mirrored content and registries.
- Automation (Ansible) and version control.
- Strong Linux networking and diagnostics: firewall administration (firewalld/nftables) and packet/connectivity tooling (Wireshark, tcpdump, ss, ip), plus containerized debug environments (toolbox).
- Confidence operating as the RHEL authority, with strong documentation habits.
NICE-TO-HAVE QUALIFICATIONS:
- OT/ICS or SCADA exposure and frameworks (IEC 62443, NERC CIP, NIST 800-82).
- Familiarity with Ignition specifically.
- Windows image automation (Packer) and Windows patching/hardening familiarity.
- RHCSA / RHCE / RHCA certifications.
ADDITIONAL INFORMATION:
- Based in the Houston, TX area preferred for hybrid schedule environment.
- Available to travel to sites for on-site support (20%), and to provide remote support for production issues.
- Able to meet third-party data-center access requirements (background check, badging, host-facility protocols) and represent the company professionally on-site.