Principal Platform Engineer Job Listing at SPA in Colorado Springs, CO (Job ID 20621)

Description

Overview Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted. The Space and Intelligence Division provides professional services to the US Space Force, Combatant Commands, Intelligence Community, and NASA. Our work includes enterprise architectural assessments, systems engineering and integration, test, planning and execution, cost estimating and analysis, acquisition support, and cybersecurity. We are trusted partners developing approaches and concepts to meet emerging high priority needs, assessing cutting-edge technologies, and supporting capabilities for our National Defense. Come join the fastest growing Division at Systems Planning and Analysis, Inc.! The Space Systems Group (SSG), part of SPA's Space and Intelligence Division, provides timely and objective assessments and recommendations integrating technical, operational, programmatic, policy and business analysis. We focus on our key clients in the Space community including the US Space Force's Space Systems Command (USSF/SSC), one of the three designated Field Commands under USSF. We work tirelessly to provide integrated solutions based on information and communications throughout the chain of command. We provide clear and consistent analysis and recommendations which are aligned to strategic and leadership goals while balancing the ability to execute on time and on budget within the technical communities. Come join an organization responsible for being a key enabler of Spacepower! SPA has a need for a Principal Platform Engineer. Responsibilities SPA is seeking a Principal Platform Engineer to build, deploy, operate, sustain, and continuously enhance a secure, mission-ready Azure-based cloud environment within our Platform as a Service solution that supports software development, deployment, and operational execution across multiple environments, including classified. Our Platform includes development, staging, and production environments in IL4, IL5, IL6, and SCI. This is a hands-on engineering role with leadership responsibility for technical outcomes. You will lead by implementing and optimizing within an established architecture while ensuring adherence to best practices for reliability, security, and compliance. While this is a non-supervisory role, you will own the success of the SCI environment. You will organize work, align team priorities with platform objectives, and enable the productivity of a high-performing engineering team committed to mission delivery. Key responsibilities include but are not limited to the following: Platform Implementation & Integration: Execute platform builds and deployments in alignment with approved reference architectures, patterns, and standards. Integrate core platform services such as AKS, GitLab, ArgoCD, Keycloak, and Azure Arc into the environment with precision and compliance rigor. Operational Execution & Sustainment: Maintain and optimize day-to-day operations, including monitoring, scaling, patching, and securing workloads to ensure platform stability and compliance. Implement observability and monitoring solutions (Grafana, Loki, ELK, Azure Metrics Advisor) to achieve proactive, data-driven operations. Technical Leadership & Team Enablement: Serve as the senior technical lead for implementation details and operational best practices for the SCI environment. Drive disciplined execution, coach team members, and ensure consistency across automation, configuration, and security baselines. Security & Compliance Enforcement: Implement DevSecOps best practices, including automated security scanning (SAST/DAST, SBOM, Trivy, SonarQube), compliance-as-code pipelines, and continuous patching cycles. Ensure platform adherence to NIST 800-53/171, FedRAMP, and organizational cyber standards. Governance & Continuous Improvement: Participate in Configuration Management and Change Control Boards, providing technical assessments and recommendations. Identify and implement process and automation improvements to enhance reliability, deployment velocity, and mean time to recovery (MTTR). Collaboration & Stakeholder Alignment: Partner with security, operations, and development teams to translate mission requirements into technical implementations that align with the approved platform roadmap and enterprise constraints. This is not a remote/hybrid position. You will be expected to work on-site daily in Colorado Springs, CO due to the fast pace, quick-turn nature of the job and the persistent need to access secure networks. Thus, residing in comfortable driving distance of Colorado Springs, CO should be considered. Qualifications About the Must Haves US Citizen and current active DoD Top Secret (TS) clearance with SCI eligibility Master's degree in Computer Science, Information Systems, and/or a related STEM discipline Minimum 10 years of progressive experience in cloud engineering, site reliability, DevSecOps, or infrastructure automation Possession of DoD 8570/8140-compliant IAT Level II security certification Possession of at least one of the following certifications: Azure Network Engineer Associate (AZ-700) Azure Solutions Architect Expert (AZ-305) Azure DevOps Engineer Expert (AZ-400) Certified Kubernetes Administrator (CKA) or equivalent Deep hands-on experience with Azure Cloud Services, including AKS, VNETs, Application Gateway, and VPNs Strong working knowledge of Kubernetes, GitOps, and CI/CD pipelines (GitLab, ArgoCD, Helm, Terraform/Bicep) Familiar with identity management (Keycloak, Active Directory) and secrets management (External Secrets Operator) Proficient in security automation, vulnerability scanning, and compliance-as-code integration Experience with observability stacks (Grafana, ELK, Loki, or equivalent) Understanding of hybrid-cloud and edge operations (Azure Arc, VDI environments) Excellent troubleshooting and problem-solving skills in complex, hybrid environments Strong documentation and collaboration habits At SPA, we strive to deliver a robust total compensation package that will attract and retain the top talent. Elements of the compensation package include competitive base pay and variable compensation opportunities. SPA provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work. The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, etc. Please note that the salary information shown below is a general guideline only. Salaries are commensurate with experience and qualifications, as well as market and business considerations. Salary pay range: 175k - 250k.

Qualifications

About the Must Haves US Citizen and current active DoD Top Secret (TS) clearance with SCI eligibility Master's degree in Computer Science, Information Systems, and/or a related STEM discipline Minimum 10 years of progressive experience in cloud engineering, site reliability, DevSecOps, or infrastructure automation Possession of DoD 8570/8140-compliant IAT Level II security certification Possession of at least one of the following certifications: Azure Network Engineer Associate (AZ-700) Azure Solutions Architect Expert (AZ-305) Azure DevOps Engineer Expert (AZ-400) Certified Kubernetes Administrator (CKA) or equivalent Deep hands-on experience with Azure Cloud Services, including AKS, VNETs, Application Gateway, and VPNs Strong working knowledge of Kubernetes, GitOps, and CI/CD pipelines (GitLab, ArgoCD, Helm, Terraform/Bicep) Familiar with identity management (Keycloak, Active Directory) and secrets management (External Secrets Operator) Proficient in security automation, vulnerability scanning, and compliance-as-code integration Experience with observability stacks (Grafana, ELK, Loki, or equivalent) Understanding of hybrid-cloud and edge operations (Azure Arc, VDI environments) Excellent troubleshooting and problem-solving skills in complex, hybrid environments Strong documentation and collaboration habits At SPA, we strive to deliver a robust total compensation package that will attract and retain the top talent. Elements of the compensation package include competitive base pay and variable compensation opportunities. SPA provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work. The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, etc. Please note that the salary information shown below is a general guideline only. Salaries are commensurate with experience and qualifications, as well as market and business considerations. Salary pay range: 175k - 250k.

Responsibilities

SPA is seeking a Principal Platform Engineer to build, deploy, operate, sustain, and continuously enhance a secure, mission-ready Azure-based cloud environment within our Platform as a Service solution that supports software development, deployment, and operational execution across multiple environments, including classified. Our Platform includes development, staging, and production environments in IL4, IL5, IL6, and SCI. This is a hands-on engineering role with leadership responsibility for technical outcomes. You will lead by implementing and optimizing within an established architecture while ensuring adherence to best practices for reliability, security, and compliance. While this is a non-supervisory role, you will own the success of the SCI environment. You will organize work, align team priorities with platform objectives, and enable the productivity of a high-performing engineering team committed to mission delivery. Key responsibilities include but are not limited to the following: Platform Implementation & Integration: Execute platform builds and deployments in alignment with approved reference architectures, patterns, and standards. Integrate core platform services such as AKS, GitLab, ArgoCD, Keycloak, and Azure Arc into the environment with precision and compliance rigor. Operational Execution & Sustainment: Maintain and optimize day-to-day operations, including monitoring, scaling, patching, and securing workloads to ensure platform stability and compliance. Implement observability and monitoring solutions (Grafana, Loki, ELK, Azure Metrics Advisor) to achieve proactive, data-driven operations. Technical Leadership & Team Enablement: Serve as the senior technical lead for implementation details and operational best practices for the SCI environment. Drive disciplined execution, coach team members, and ensure consistency across automation, configuration, and security baselines. Security & Compliance Enforcement: Implement DevSecOps best practices, including automated security scanning (SAST/DAST, SBOM, Trivy, SonarQube), compliance-as-code pipelines, and continuous patching cycles. Ensure platform adherence to NIST 800-53/171, FedRAMP, and organizational cyber standards. Governance & Continuous Improvement: Participate in Configuration Management and Change Control Boards, providing technical assessments and recommendations. Identify and implement process and automation improvements to enhance reliability, deployment velocity, and mean time to recovery (MTTR). Collaboration & Stakeholder Alignment: Partner with security, operations, and development teams to translate mission requirements into technical implementations that align with the approved platform roadmap and enterprise constraints. This is not a remote/hybrid position. You will be expected to work on-site daily in Colorado Springs, CO due to the fast pace, quick-turn nature of the job and the persistent need to access secure networks. Thus, residing in comfortable driving distance of Colorado Springs, CO should be considered.