Computer Systems Engineer Architect - SME

Job Description

Job Description

Us

At Aretec, Inc., we are catalysts for change within the federal government landscape. Specializing in advanced analytics, machine learning, data analysis, cybersecurity, and business optimization, we empower federal agencies to achieve their most critical missions. As a premier partner and prime vendor, we deliver innovative, high‑impact solutions that address complex challenges and drive national progress. Our commitment to excellence and innovation positions us at the forefront of transforming governmental operations, enhancing efficiency, and making a lasting difference in the lives of citizens.

You

You are a visionary technical leader with deep expertise in enterprise identity, authentication, and infrastructure engineering. You thrive in complex, mission‑critical environments where reliability, security, and precision are non‑negotiable. You bring authoritative knowledge of Active Directory, PKI, DNS, virtualization, and enterprise authentication systems-and you excel at designing, modernizing, and securing large‑scale federal environments. You are driven by the opportunity to architect solutions that strengthen national operations and support the missions of federal agencies.

What We're Looking For

We are seeking a Computer Systems Engineer Architect – SME who will play a pivotal role in advancing enterprise identity, authentication, and infrastructure capabilities for our federal partners. In this role, you will lead the engineering and modernization of mission‑critical directory services that support more than 100,000 users across the Department of the Interior.

In this role, you will:

• Lead Innovative Projects

Architect and implement enterprise Active Directory, PKI, DNS, and authentication solutions that enhance security, availability, and operational resilience across federal environments.

• Collaborative Solution Development

Partner with cross‑functional engineering, cybersecurity, and operations teams to design scalable, compliant, and secure identity and infrastructure solutions.

• Strategic Impact

Evaluate emerging technologies, modernization opportunities, and federal cybersecurity requirements to guide strategic decisions and strengthen enterprise architecture.

• Stakeholder Engagement

Engage with federal leadership, bureau administrators, and technical teams to understand mission needs and deliver solutions that drive operational excellence.

• Mentorship and Leadership

Serve as a senior technical authority, providing guidance, training, and knowledge transfer to engineers and administrators across the enterprise.

Position Summary

The Computer Systems Engineer Architect – SME provides senior‑level engineering, architectural design, and operational oversight for the Department of the Interior's Enterprise Active Directory (EAD) and Enterprise Directory Services (EDS) environments. This role delivers authoritative expertise across identity services, PKI, DNS, virtualization, systems integration, and enterprise authentication.

The SME ensures high availability, security, compliance, and modernization of mission‑critical directory and infrastructure services supporting more than 100,000 DOI users. This position functions as a top‑tier technical authority, guiding engineering decisions, leading complex troubleshooting, and supporting enterprise‑wide initiatives in alignment with NIST, ITIL, FISMA, HSPD‑12, and DOI OCIO standards.

Core Responsibilities

Enterprise Directory Services (EDS) Engineering

• Architect, design, implement, and maintain DOI's Enterprise Active Directory (EAD) and identity services.
• Lead engineering for domain controllers, forest architecture, replication, schema management, and cross‑domain trust relationships.
• Develop and maintain configuration, release, and change management processes.
• Engineer and maintain GPOs, AGPM, and enterprise configuration baselines.

PKI & Authentication Services

• Operate and maintain enterprise PKI services including CAs, HSMs, CRLs, OCSP responders, and certificate templates.
• Support smart card authentication, HSPD‑12, and secure credential issuance.
• Engineer and maintain ADFS, SAML 2.0, and federated authentication services.

DNS & Directory Synchronization

• Administer enterprise DNS, the EDS namespace (doi.net), and DNS security configurations.
• Maintain directory synchronization services supporting ADFS, OVD, and identity platforms.

Operational Support & Infrastructure Engineering

• Lead infrastructure planning, architectural design, and implementation for virtualization, clustering, storage, and high‑availability systems.
• Support P‑to‑P, P‑to‑V, and V‑to‑V migrations and enterprise hosting platforms (Hyper‑V, SAN).
• Oversee backup and disaster recovery operations using Quest Recovery Manager and DOI‑approved tools.

Security, Compliance & Monitoring

• Ensure compliance with FISMA, FDCC, NIST 800‑53/73, SCAP, and DOI security policies.
• Maintain security posture through patching, antivirus, and vulnerability remediation.
• Monitor enterprise systems using SCOM, SCCM, NetIQ, ATA, and other approved tools.

Technical Leadership & Collaboration

• Serve as SME advisor to DOI OCIO, bureau administrators, and engineering teams.
• Provide knowledge transfer, SOP development, and training to system engineers and administrators.
• Support CAB processes, technical review boards, and enterprise governance.

Required Qualifications

• 8–12+ years of experience in enterprise systems engineering, Active Directory architecture, and infrastructure design.
• Expert‑level proficiency with Microsoft AD, DNS, PKI, ADFS, GPO, virtualization, and enterprise authentication.
• Experience supporting large‑scale federal environments or multi‑domain infrastructures.
• Strong understanding of NIST, ITIL, FISMA, HSPD‑12, and federal cybersecurity frameworks.
• Proven ability to diagnose and resolve complex performance issues across CPU, memory, disk I/O, and networking.
• Experience with PowerShell, automation, and enterprise configuration management tools.

Education & Certifications

Required:

• Bachelor's degree in Computer Science, Engineering, or related field (or equivalent experience).

Preferred:

• Microsoft Certified: Azure Solutions Architect Expert / Azure Administrator
• Red Hat Certified Engineer (RHCE)
• AWS/Azure/GCP cloud certifications
• Security certifications aligned with IAT II/IAT III (Security+, CCNA Security, etc.)

The Expectations of the Job

Day One

• Immerse yourself in Aretec's mission, culture, and federal partner environment.
• Begin building relationships with engineering teams and stakeholders.

Day Thirty

• Contribute to Active Directory, PKI, DNS, or authentication engineering tasks.
• Apply your expertise to initial modernization and operational support efforts.

Day Sixty

• Lead major components of enterprise directory or infrastructure engineering initiatives.
• Participate in strategic planning and provide insights on modernization opportunities.
• Engage more deeply with federal partners to understand mission requirements.

Day Ninety

• Assume full ownership of enterprise identity, authentication, or infrastructure modernization initiatives.
• Identify opportunities for automation, optimization, and architectural improvement.
• Mentor engineers and strengthen enterprise engineering practices.

Benefits

Aretec offers a comprehensive benefits package including health, dental, vision, 401(k) with match, certification stipends, professional development opportunities, flexible work arrangements, and generous PTO.

Citizenship Requirement

Due to the nature of our federal contracts, only sole U.S. Citizens can be considered for this position.

Equal Opportunity Employer

Aretec, Inc. is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all employees and applicants.