• Design, develop, and maintain modular, composable Terraform code that codifies the entire infrastructure estate across cloud accounts and environments. • Build a library of well-tested, reusable Terraform modules with clear interfaces, semantic versioning, and comprehensive documentation. • Implement Terraform automation pipelines using GitHub Actions, GitLab CI, Atlantis, Terraform Cloud, or Spacelift, with plan/apply gating, drift detection, and policy enforcement. • Define and enforce policy-as-code using Sentinel, Open Policy Agent (OPA), Conftest, or Checkov to prevent insecure or non-compliant infrastructure changes. • Manage Terraform state at scale with appropriate backend strategies, state locking, workspace organization, and disaster recovery patterns. • Drive multi-account, multi-region, and multi-cloud infrastructure provisioning strategies with clear isolation, naming, and tagging standards. • Implement infrastructure testing including unit tests with terraform-compliance, integration tests with Terratest, and policy tests across pull requests. • Collaborate with security, networking, and platform teams to embed guardrails directly into reusable modules and pipelines. • Standardize patterns for secrets management, identity federation, and least-privilege IAM through reusable Terraform abstractions. • Lead migrations from legacy, ClickOps, or non-IaC infrastructure into managed Terraform footprints with minimal disruption. • Drive cost optimization, tagging hygiene, and lifecycle management across the Terraform-managed estate. • Mentor engineering teams on Terraform best practices, anti-patterns, and pull-request review standards. • Maintain comprehensive runbooks, architecture diagrams, and onboarding materials for the infrastructure platform. • Stay current with Terraform, OpenTofu, and broader IaC ecosystem developments and recommend adoption where beneficial.

• Design and develop network automation solutions in Python using Netmiko, Nornir, NAPALM, and Scrapli • Build automation pipelines for configuration management, deployment, and validation across multi-vendor environments • Develop integrations with network APIs including NETCONF, RESTCONF, gNMI, and vendor-specific APIs • Implement source-of-truth platforms such as NetBox or Nautobot and drive automation from authoritative data • Build infrastructure-as-code for network configuration using Ansible, Terraform, and Jinja2 templating • Implement network testing and validation using pyATS, Genie, Batfish, and Suzieq • Develop CI/CD pipelines for network changes including pre-deployment validation and rollback • Build observability and telemetry pipelines using gNMI, streaming telemetry, and modern analytics platforms • Implement intent-based networking patterns and self-healing network workflows • Automate compliance and audit workflows across the network estate • Partner with network engineering teams to identify and automate high-impact manual workflows • Develop reusable libraries, frameworks, and abstractions adopted across multiple automation efforts • Mentor network engineers on Python development, software engineering practices, and modern automation patterns • Stay current with network automation tooling, vendor API evolution, and broader industry developments.

Title: Ansible Automation Engineer Location: Remote Department: Government Programs Job Description: Ansible Automation Engineer About Trilogy Innovations At Trilogy Innovations, we are committed to driving meaningful change for our customers and communities through smart, innovative technology that solves real problems. As a growing systems and software engineering company, we partner across public and private sectors to modernize enterprise systems, strengthen security, and deliver high value solutions. We are scaling with purpose, investing in our people, processes, and platforms as we expand. We work hard, think creatively, and value every perspective as we push boundaries and build systems that matter. Location: Approximately 90% remote, with up to five (5) onsite days per month at the BPA Ross Complex / Dittmer Control Center, Vancouver, WA. Clearance Level: DOE Security Badge + NBIS eApp (existing federal clearance preferred) About The Role Trilogy Innovations is seeking an Ansible Automation Engineer to be the program’s subject-matter expert for Red Hat Ansible Automation Platform (AAP). The engineer designs and delivers automation strategy across the RHEL estate, builds and maintains reusable roles and collections, integrates AAP with source control and CI/CD, and uplifts the broader engineering team’s automation practice. The role is concentrated on the program’s automation-focused milestones, with periods of full-time engagement and a planned coverage gap during Aug-Sep 2026. Who You Are The Ansible Automation Engineer is the program's subject-matter expert for Red Hat Ansible Automation Platform (AAP). You design and deliver automation strategy across the RHEL estate, build and maintain reusable roles and collections, integrate AAP with source control and CI/CD, and uplift the broader engineering team's automation practice. This role supports the BPA-26-RFP-5852 MCIT Replatforming RHEL program for the Bonneville Power Administration. Period of performance is June 1, 2026 through May 31, 2027 (12 months, milestones M1–M6). The role is concentrated on the program's automation-focused milestones (M1 and M3–M5), with periods of full-time engagement and a planned coverage gap during August–September 2026. What you will do Automation Strategy and Platform Engineering - Lead the design of Ansible automation strategy across infrastructure, configuration management, security remediation, and application deployment. - Build, document, and maintain reusable Ansible roles, collections, and execution environments aligned to enterprise standards. - Stand up and operate Ansible Automation Platform (controller, hub, EDA where applicable); manage projects, inventories, credentials, and job templates. Integration and CI/CD - Integrate AAP with Git/GitLab, GitLab CI / Jenkins / Bamboo pipelines, Red Hat Satellite, Identity Management, and ticketing systems. - Develop Molecule test suites and automated linting (ansible-lint, yamllint) to support a CI-driven content lifecycle. Day-2 Operations and Compliance - Author automation for STIG remediation, patching, certificate lifecycle, and routine day-2 operations. - Partner with the Team Lead and Security Engineer on compliance-as-code and audit evidence collection. Team Enablement - Mentor engineers and run periodic office hours and training to grow team automation capability. - Document patterns, anti-patterns, and reference implementations for the broader team. How Success Is Measured Success in this role is defined by delivering scalable, reliable automation that improves efficiency and supports program goals. You will be successful if you: - Develop and implement a clear automation strategy aligned to program milestones - Build reusable, well-documented Ansible content adopted across the team - Successfully deploy and integrate AAP with enterprise tools and CI/CD pipelines - Deliver automation for patching, compliance, and day-2 operations - Improve system consistency, speed, and reliability through automation - Support compliance and contribute to audit readiness - Mentor team members and increase overall automation maturity What you Bring We require: - Bachelor of Science in Computer Science, Engineering, Information Systems, or a related field; equivalent professional experience accepted. - Minimum 7 years of IT engineering experience, including 3+ years dedicated to Ansible-based automation at enterprise scale. - Red Hat Certified Engineer (RHCE) AND a current Red Hat Ansible certification (per BPA-26-RFP-5852 staffing requirements). Acceptable Ansible certifications include Red Hat Certified Specialist in Ansible Automation, Specialist in Managing Automation with AAP, or Specialist in Developing Automation with AAP. - Expert-level Ansible Automation Platform engineering: roles, collections, dynamic inventory, Vault, execution environments, and workflow templates. - Strong RHEL administration foundation; ability to write idempotent automation against complex systems. - Proficiency with Git, GitLab/GitHub, branching strategies, and at least one CI/CD platform (GitLab CI, Jenkins, Bamboo). - Working knowledge of Python; comfort writing custom Ansible modules or filter plugins as needed. - Experience integrating Ansible with Red Hat Satellite, Identity Management (FreeIPA/IdM/Keycloak), and PKI tooling (OpenSSL, Dogtag). - Familiarity with monitoring and observability stacks (Prometheus, Grafana, Nagios, Zabbix) for automation telemetry. - Ability to obtain a DOE Security Badge and successfully adjudicate an NBIS eApp background investigation prior to start. Nice to have - Red Hat Certified System Administrator (RHCSA). - Multiple Red Hat Specialist credentials (Containers, OpenShift Automation and Integration). - CompTIA Security+. - Existing DOE badge or active federal clearance (Public Trust, Secret, Top Secret, or TS/SCI). Work Environment: Remote-first role with primary work location at the BPA Ross Complex / Dittmer Control Center, Vancouver, WA. Approximately 90% remote, with up to five (5) onsite days per month (flexible). Compensation and Benefits: Salary range: $150,000 - $160,000 - Competitive salary based on experience - Performance bonus eligibility - 401k with company match - Medical, dental, and vision coverage - Life and disability insurance - Health Savings Account - Professional development programs - Employee referral bonus program Why Trilogy Innovations At Trilogy Innovations, we believe strong teams build meaningful solutions. We deliver high quality systems and software engineering services across public and private sectors, supporting complex and mission critical environments with integrity, collaboration, and care. Since 2010, our talented team has partnered with organizations such as the FBI, U.S. Air Force, NASA, Department of Education, Department of Energy, DHS, SOCOM, and leading private sector clients. We are known for combining technical excellence with a thoughtful, people first approach. At Trilogy, you will work alongside smart, committed professionals in a supportive, learning oriented environment. We value innovation, accountability, and continuous growth, and we encourage our people to bring both expertise and humanity to the work they do. If you are looking to contribute to impactful work while growing your skills in a collaborative and forward-thinking organization, Trilogy Innovations is a place where you can do just that. Trilogy Innovations, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Applicant Privacy Notice We use this information to evaluate your application, communicate with you, verify your qualifications, and support our recruiting and hiring processes. If you are selected for a role, your information may be used for onboarding and employment purposes.Your information may be shared with authorized Trilogy personnel and trusted service providers, including our applicant tracking system, JazzHR. We may also disclose information where required by law or to protect our business and operations. We retain applicant information for as long as necessary to support recruiting activities and comply with legal requirements, typically up to two years after your application is no longer active.You may have the right to access, correct, or request deletion of your personal information, subject to applicable law. You may also update your information through your candidate profile.

• Client Support: Assist senior consultants in client engagements, participating in meetings, taking notes, and supporting technical assessments under guidance. • Kubernetes Security: Support the implementation of Kubernetes security controls including basic cluster hardening, network policies, and RBAC configurations while learning best practices. • Policy as Code Support: Help implement security policies using tools like OPA (Open Policy Agent) or Kyverno, working under the mentorship of senior team members. • Infrastructure as Code (IaC) Assistance: Support the development and review of secure IaC templates using Terraform, CloudFormation, or ARM templates with senior oversight. • Secrets Management Implementation: Assist in configuring and implementing secrets management solutions like HashiCorp Vault, AWS Secrets Manager, or Akeyless. • CI/CD Security Integration: Help integrate basic security controls into CI/CD pipelines using tools like GitHub Actions, GitLab CI, or Jenkins under senior guidance. • Cloud Security Research: Research and document cloud security best practices, tools, and emerging threats to support team knowledge sharing. • Documentation & Automation: Create documentation, scripts, and basic automation tools to support client deliverables and internal processes. • Learning & Development: Actively participate in mentorship programs, shadowing senior consultants, and pursuing relevant certifications. • Quality Assurance: Perform testing and validation of security configurations and automation scripts before client delivery.