Senior Infrastructure Automation & Migration Engineer

Job Title: Senior Infrastructure Automation & Migration Engineer

Location: 100% Remote

Duration: 3 months

Description:

Extend existing production Aria Automation environment with new virtual machine templates for SSM and SentinelOne self-registration

Build reusable, parameterized templates across Aria Automation, Terraform, and Ansible

Support for all three OS types: Windows, Linux, and macOS (Intel-based)

Integrate with existing CI-driven provisioning and deprovisioning workflows already in place

Treat the existing production environment with care — validate all changes in non-production before any production promotion. Attention to detail and clear team communication of possible clear assessment of production impact it imperative.

AWS SSM Integration

Automate SSM Agent installation and registration as part of every provisioning workflow

Configure hybrid activation codes for all on-premises (non-EC2) targets across all OS types

Validate SSM registration before marking provisioning complete

SentinelOne Integration

Automate SentinelOne agent installation and silent deployment for Windows, Linux, and macOS.

Develop hands-off integration with SentinelOne so that any defined exclusions are in place at SentinelOne installation time.

Confirm agent check-in as a provisioning completion gate.

Security Team Collaboration

Work directly with the internal Security group to define and validate required exclusion sets.

Work directly with internal security group to define system integration for up-front exclusions activation process.

Collaborate with Security to develop and document a formal exclusions process — covering what exclusions are permissible, how they are requested, reviewed, and approved.

GitLab & CI/CD Pipeline Development

Maintain all code in GitLab with regular, meaningful check-ins, pull requests and regular reviews with team.

Follow generally accepted software development practices: branching strategies, merge requests, commit hygiene, and code review

Build and maintain GitLab CI pipelines for linting, validation, testing, and deployment of provisioning and migration code

Implement pipeline stages for Dev, Staging, and Production promotion with appropriate approval gates

Use Artifactory to store and retrieve binary dependencies.

Organize repositories clearly so the internal team can understand, maintain, and extend the work after the engagement ends.

Skills:

Required Skills

Area

Requirement

Aria Automation

Hands-on experience with production VMware Aria / vRealize Automation 8.x environments; Cloud Assembly, ABX or vRO

Terraform, Proficient with HCL, modules, state management; vSphere, AWS, and Proxmox providers, Ansible

Experience writing playbooks and roles for OS configuration, agent deployment, and migration tasks AWS SSM

Hands-on with SSM Agent deployment, hybrid activations for on-premises targets, and IAM configuration SentinelOne

Experience with agent deployment across Windows, Linux, and macOS; Management Console API Proxmox

Familiarity with Proxmox VE administration, VM/template management, storage, and networking VMware Migration

Experience exporting VMware VMs and converting to KVM/QEMU-compatible formats

Migration Tooling

Familiarity with virt-v2v, qemu-img, or equivalent VMware-to-KVM conversion tooling macOS Automation

Experience automating agent deployment and configuration on Intel-based macOS GitLab

Comfortable with GitLab repo management, branching, merge requests, and regular check-in discipline GitLab CI

Proficient building .gitlab-ci.yml pipelines with multi-stage, multi-environment deployments Artifactory

Familiarity with JFrog Artifactory for artifact storage and pipeline integration

Secret Management

Experience integrating with 1Password Vaults for secret retrieval in scripts and pipelines

Scripting

Proficient in Bash, Python, and/or PowerShell

Collaboration

Proactive communicator — comfortable asking questions, raising risks early, and working closely with a team leader and infrastructure team

Security Collaboration

Demonstrated ability to work cross-functionally with Security teams on exclusion processes and token governance

Nice to Have

Experience with Packer for building Proxmox or VMware VM templates

Familiarity with HashiCorp Vault or AWS Secrets Manager

Prior work in security-conscious environments (SOC 2, FedRAMP, etc.)

Experience with large-scale VMware-to-KVM or VMware-to-Proxmox migrations

Experience with GitLab Environments and deployment tracking

Experience integrating provisioning or migration workflows with ITSM tools (e.g., ServiceNow)

.

Education:

Rough Milestones

Milestone

1Environment access; review of existing Aria Automation setup and CI workflows; full VM inventory and VMware dependency assessment begins; initial Security team meeting; GitLab repo and Artifactory structure established

2Aria Automation templates with SSM + SentinelOne registration working in non-prod for Windows and Linux; first Security review checkpoint; GitLab CI pipeline validating templates

3macOS (Intel) provisioning integration complete; Terraform and Ansible equivalents with full GitLab CI pipeline promotion workflow

4Exclusions process documented and approved by Security; all token handling via 1Password validated; artifacts managed through Artifactory

5 Proxmox capacity planning complete; Proxmox environment validated as migration target; migration script toolkit v1 complete; non-production migration runs executed and validated

6 Migration scripts hardened with error handling, rollback, and post-migration validation; production migration pipeline ready with change management gates

7 All documentation and runbooks delivered; Proxmox platform readiness report; migration runbook finalized; knowledge transfer completed

Key Constraints

Availability during US business hours (west coast) with reliable overlap for team meetings and Security review sessions

All code must be in GitLab with regular, meaningful check-ins.

All exclusions must be reviewed and approved by the internal Security team before implementation

Agent installers and dependencies must be sourced through Artifactory — not pulled directly from the internet during pipeline runs

Live migration is preferred — downtime migrations require prior coordination and agreement with affected end-users

Contractor must proactively self-review for VMware-specific dependencies and consult with the team leader before proceeding with any uncertain migration

Production migrations must follow internal change management processes with documented rollback procedures

All work product is owned by the organization upon engagement close

Working Style Expectations

Ask early, ask often — the team leader is available and expects the contractor to raise questions and concerns proactively rather than making assumptions.

Self-sufficient enough to identify and research VMware-specific edge cases independently, but collaborative enough to validate findings with the team before acting. Recommendations and thoughts are welcome to discuss to make final decisions in a clear and open communication environment.

Treat the production environments (5 years, 300TB, 1,500–2,000 VMs) with appropriate care — no production changes without validation and team alignment.

Code should be written as if the internal team will maintain it after the engagement ends — readable, documented, and well-organized