Jump Host Admin

General Overview

Functional Area:  Information Technology (ITM)
Career Stream:  IT Infrastructure (INFR)
Role:  Specialist (SPE)
Job Title: Specialist, IT Infrastructure    
Job Code:  SPE-ITM-INFR
Job Level:  Level 08    
Direct/Indirect Indicator:  Indirect

Summary

We are seeking an experienced, compliance-driven RDL Jump Host Administrator to take ownership of the system administration, security, and access control of our global local jump hosts. Reporting directly to the Lead Network Architect, and working in close alignment with the RDL Network Administrator, you will manage secure access pathways into completely isolated, air-gapped lab networks across multiple HPS Design Centers (including San Jose, Richardson, Thailand, Shanghai, SongShan Lake, Penang, Chennai, and future sites).

The primary objective of this role is to ensure that remote connections terminating from corporate Zscaler ZTNA or customer CyberArk vPAM environments are securely processed, authenticated, and audited. Since our environments strictly prohibit Active Directory or domain joins, you will manage decentralized, local authentication configurations, shell environments, and session boundaries.

Crucially, you will implement and maintain the strict compliance frameworks required for Export Controlled VLANs—including interactive terms-of-use banners, mandatory user acceptance gates for shell access, and tamper-proof user-acceptance audit logging.

Core Responsibilities

1. Jump Host System Administration & Hardening

• Server Provisioning & Lifecycle: Deploy, configure, and maintain Linux-based (Rocky Linux, Ubuntu, CentOS) local jump host virtual machines operating on VMware vSphere or Microsoft Hyper-V clusters.
• Operating System Hardening: Apply strict CIS (Center for Internet Security) hardening benchmarks on all jump host operating systems. Ensure that no unauthorized software or corporate agents (e.g., CrowdStrike, ServiceNow, ClearPass, Windows Domain utilities) are installed or active on endpoints installed on the VLAN behind the Jump Host.
• Service Availability: Ensure the high availability, performance, patch status, and storage capacity of jump servers acting as gateways to the core RDL networks.

2. Export Control Compliance & Interactive Gates

• Export Control Shell Banners: Configure and manage interactive, mandatory user agreement screens (e.g., using custom shell login scripts, Pluggable Authentication Modules (PAM), or SSH ForceCommand) specifically for systems accessing Export Controlled VLANs.
• User Acceptance Verification: Ensure that users cannot acquire an interactive shell, run commands, or bypass the landing screen without explicitly reading and accepting the export control and NDA terms.
• Tamper-Proof Acceptance Logging: Implement and maintain robust, structured logging systems (using Rsyslog, Journald, or custom secure local logging scripts) that capture: 
  • The authenticated user's local/remote identifier.
  • Source IP and connection timestamp.
  • Explicit timestamped confirmation of the user's compliance acceptance.
• Log Archival & Integrity: Set up secure, write-only log forwarding or local hashing protocols to ensure audit logs of export-control acceptances cannot be modified or deleted by general users.

3. Identity, Access, & Session Management

• Decentralized Local Authentication: Programmatically or manually provision local Unix user accounts, localized Role-Based Access Control (RBAC), and SSH keys on all jump hosts.
• Remote Integration Support: Partner with corporate IT to ensure seamless hand-offs from Zscaler ZTNA (via local Zscaler App Connectors) and CyberArk vPAM sessions terminating on the jump hosts.
• Session Controls: Configure strict SSH timeouts, idle session terminations, and multi-factor authentication loops to prevent abandoned active connections.

4. Operations, Ticket Resolution & Collaboration

• Workplace Collaboration: Align daily with the RDL Network Administrator to coordinate VLAN mappings, firewall rule adjustments, and routing protocols necessary for jump host access.
• Engineering Support: Serve as a technical point of contact for HPS design engineers having credentialing, shell, or connection issues when entering secure environments.
• Incident & Audit Readiness: Assist the Lead Network Architect in pulling audit trails and access reports during compliance reviews, system security audits, or customer security evaluations.

Knowledge/Skills/Competencies

Required Technical Skills

• Linux Expertise (Expert Level): Mastery of Linux OS administration (Rocky Linux, RHEL, CentOS, Ubuntu) including shell scripting (Bash, Python), security policies, and package management.
• Secure Access & Authentication: Comprehensive knowledge of SSH daemon configuration (sshd_config), PAM (Pluggable Authentication Modules) stack configuration, and secure local authentication patterns.
• Audit & Log Engineering: Proven experience configuring structured logging systems, syslog routing, Rsyslog, or Journald to create secure, immutable compliance audit trails.
• Access Technologies: Familiarity with Zscaler ZTNA (App Connectors), CyberArk vPAM, and Virtual Private Network (VPN) architectures.
• Virtualization Basics: Practical experience administering virtual machines, virtual switches, and storage within VMware ESXi / vCenter or Microsoft Hyper-V.

Preferred Certifications

• Red Hat Certified System Administrator (RHCSA) or Engineer (RHCE)
• CompTIA Linux+ or Linux Foundation Certified SysAdmin (LFCS)
• CompTIA Security+ or GISF (GIAC Information Security Fundamentals)
• CyberArk Certified Sentry or Trustee

Soft Skills & Working Style

• Extreme Attention to Detail: Precise, systematic approach to system configuration, security rules, and audit trail maintenance.
• High Integrity: Uncompromising commitment to maintaining security barriers, compliance standards, and ethical handling of export-controlled hardware and software.
• Excellent Communicator: Strong written and verbal communication skills, necessary for writing technical LLD/SOP documentation, explaining access gates to end-users, and coordinating with the RDL Network Architect.

Physical Demands

• Duties of this position are performed in a normal office environment.

• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Education & Experience

• Bachelor’s degree in Network/System Administration, Computer Science, Cybersecurity, or equivalent technical experience.

• 4+ years of dedicated experience in Linux System Administration, with a strong focus on secure system hardening, user management, and compliance auditing.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.