Job Title: Network Administrator (Jump Host and SONic)
Client: Private Sector Technology Company
Duration: 6-12 months contract (potential extensions)
Location: Remote - Canada - EST
Position Summary
- We are seeking an experienced, compliance-driven RDL Jump Host Administrator to take ownership of the system administration, security, and access control of our global local jump hosts.
- Reporting directly to the Lead Network Architect, and working in close alignment with
the RDL Network Administrator, you will manage secure access pathways into completely
isolated, air-gapped lab networks.
- The primary objective of this role is to ensure that remote connections terminating from
corporate Zscaler ZTNA or customer CyberArk vPAM environments are securely processed,
authenticated, and audited.
- Since our environments strictly prohibit Active Directory or domain
joins, you will manage decentralized, local authentication configurations, shell environments,
and session boundaries.
- Crucially, you will implement and maintain the strict compliance frameworks required for
Export Controlled VLANs—including interactive terms-of-use banners, mandatory user
acceptance gates for shell access, and tamper-proof user-acceptance audit logging.
Core Responsibilities
1. Jump Host System Administration & Hardening
- Server Provisioning & Lifecycle: Deploy, configure, and maintain Linux-based (Rocky
Linux, Ubuntu, CentOS) local jump host virtual machines operating on VMware vSphere or
Microsoft Hyper-V clusters.
- Operating System Hardening: Apply strict CIS (Center for Internet Security) hardening
benchmarks on all jump host operating systems. Ensure that no unauthorized software or
corporate agents (e.g., CrowdStrike, ServiceNow, ClearPass, Windows Domain utilities) are
installed or active on endpoints installed on the VLAN behind the Jump Host.
- Service Availability: Ensure the high availability, performance, patch status, and storage
capacity of jump servers acting as gateways to the core RDL networks.
2. Export Control Compliance & Interactive Gates
- Export Control Shell Banners: Configure and manage interactive, mandatory user
agreement screens (e.g., using custom shell login scripts, Pluggable Authentication
- Modules (PAM), or SSH ForceCommand) specifically for systems accessing Export
- Controlled VLANs.
- User Acceptance Verification: Ensure that users cannot acquire an interactive shell, run commands, or bypass the landing screen without explicitly reading and accepting the export control and NDA terms.
- Tamper-Proof Acceptance Logging: Implement and maintain robust, structured logging systems (using Rsyslog, Journald, or custom secure local logging scripts) that capture:
The authenticated user's local/remote identifier.
Source IP and connection timestamp.
Explicit timestamped confirmation of the user's compliance acceptance.
- Log Archival & Integrity: Set up secure, write-only log forwarding or local hashing protocols to ensure audit logs of export-control acceptances cannot be modified or deleted by general users.
3. Identity, Access, & Session Management
- Decentralized Local Authentication: Programmatically or manually provision local Unix user accounts, localized Role-Based Access Control (RBAC), and SSH keys on all jump hosts.
- Remote Integration Support: Partner with corporate IT to ensure seamless hand-offs from Zscaler ZTNA (via local Zscaler App Connectors) and CyberArk vPAM session terminating on the jump hosts.
- Session Controls: Configure strict SSH timeouts, idle session terminations, and multi-factor authentication loops to prevent abandoned active connections.
4. Operations, Ticket Resolution & Collaboration
- Workplace Collaboration: Align daily with the RDL Network Administrator to coordinate
- VLAN mappings, firewall rule adjustments, and routing protocols necessary for jump host access.
- Engineering Support: Serve as a technical point of contact for design engineers having credentialing, shell, or connection issues when entering secure environments.
- Incident & Audit Readiness: Assist the Lead Network Architect in pulling audit trails and access reports during compliance reviews, system security audits, or customer security evaluations.
Technical Qualifications
- Bachelor's degree in Network/System Administration, Computer Science, Cybersecurity,
or equivalent technical experience.
4+ years of dedicated experience in Linux System Administration, with a strong focus on
secure system hardening, user management, and compliance auditing.
- Must have experience with SONic Infrastructure management
- Linux Expertise (Expert Level): Mastery of Linux OS administration (Rocky Linux, RHEL,
CentOS, Ubuntu) including shell scripting (Bash, Python), security policies, and package
management.
- Secure Access & Authentication: Comprehensive knowledge of SSH daemon
configuration (sshd_config), PAM (Pluggable Authentication Modules) stack configuration,
and secure local authentication patterns.
Audit & Log Engineering: Proven experience configuring structured logging systems,
syslog routing, Rsyslog, or Journald to create secure, immutable compliance audit trails.
- Access Technologies: Familiarity with Zscaler ZTNA (App Connectors), CyberArk
- vPAM, and Virtual Private Network (VPN) architectures.
- Virtualization Basics: Practical experience administering virtual machines, virtual switches, and storage within VMware ESXi / vCenter or Microsoft Hyper-V.
Preferred Certifications
- Red Hat Certified System Administrator (RHCSA) or Engineer (RHCE)
- CompTIA Linux+ or Linux Foundation Certified SysAdmin (LFCS)
- CompTIA Security+ or GISF (GIAC Information Security Fundamentals)
- CyberArk Certified Sentry or Trustee
- Extreme Attention to Detail: Precise, systematic approach to system configuration,
security rules, and audit trail maintenance.
- High Integrity: Uncompromising commitment to maintaining security barriers,
compliance standards, and ethical handling of export-controlled hardware and software.
- Excellent Communicator: Strong written and verbal communication skills, necessary for
writing technical LLD/SOP documentation, explaining access gates to end-users, and
coordinating with the RDL Network Architect
#IndKyn
**Please note this is for a contract position with one of our clients and not a fulltime employment role with Kyndryl Canada**