Infrastructure Engineer – Critical Systems

Description

Job Summary: Infrastructure Engineer specialized in critical systems, focused on regulated platforms (SPEI), ensuring availability, security, and regulatory compliance. Key Highlights: 1. Operation of critical systems in regulated environments (SPEI). 2. Experience with Linux, JBoss, Oracle, and VMware vSphere/ESXi. 3. Strong focus on security, monitoring, and operational continuity. DESCRIPTION Infrastructure Engineer specialized in the operation of **critical systems**, with experience in **Red Hat Linux**, **JBoss (EAP/WildFly)**, **Oracle**, and **VMware vSphere/ESXi**, focused on regulated platforms (SPEI). Responsible for ensuring availability, security, regulatory compliance, monitoring, and operational continuity, with strong orientation toward auditing, documentation, and change management. REQUIREMENTS Mandatory: * Infrastructure/SysAdmin experience with Red Hat Linux in production-critical environments. * Proven experience with JBoss (EAP/WildFly): installation, configuration, security, deployments, and troubleshooting. * Oracle at application operations level: connections, replicas/standby, integrity verification and recovery; reading AWR/ASH reports in coordination with DBA teams. * VMware vSphere/ESXi: administration, snapshots, templates, resource management. * Monitoring (Zabbix/Prometheus/Nagios/Dynatrace/etc.) and log centralization (ELK/Splunk/SIEM). * Security: certificate management (PKI), hardening, FIM, antivirus/EDR, vulnerability response. * Change management in regulated environments; documentation and audit evidence preparation. Desirable: * Direct knowledge of the SPEI ecosystem and practices within the Banxico financial environment. * Backups/DR: experience with backup orchestration and DR testing aligned to RTO/RPO. * Exposure to regulations: internal controls, Banxico/CNBV guidelines, NIST/ISO 27001, cyber resilience. * Scripting for log analysis, parsing, and health checks. **Essential Technical Skills** * Linux (RHEL) administration: patching, hardening, user management, sudoers, SELinux, services, and tuning. * Installation, configuration, and hardening of JBoss (EAP/WildFly); deployments, datasources, Oracle connectivity, logging, and performance. * Oracle operations: SPEI schema management, integrity testing, replica/standby verification (Data Guard or equivalents), and application-level recovery. * VMware vSphere/ESXi administration: provisioning, snapshots, resource pools, templates, and backups. * Certificate management (TLS/Mutual TLS) and keystore/truststore maintenance in JBoss. * Antivirus/EDR and File Integrity Monitoring (OSSEC/Wazuh/Tripwire) operations. * Vulnerability scanning, prioritization, and remediation (OS, JBoss, libraries, JVM). * Monitoring of critical processes and metrics (middleware, logs, thresholds). * Log centralization and analysis (SIEM/ELK/Splunk/Cloud). * Change management, rollbacks, and audit evidence generation. **Desirable Technical Skills** * Experience with SPEI and the financial regulatory environment (Banxico/CNBV). * Backup orchestration and DR testing aligned to RTO/RPO. * Knowledge of NIST/ISO 27001 and cyber resilience. * Scripting for automation and analysis. **Responsibilities** Operations and Platform * Linux (RHEL) system administration. * JBoss installation, configuration, hardening; deployments and troubleshooting. * Coordination with DBAs and operational management of the SPEI schema. * Data integrity testing and Oracle replica/standby verification. * VMware vSphere/ESXi administration. Security and Compliance * Certificate (TLS/Mutual TLS) request, renewal, deployment, and rotation. * Access control management, privileged accounts, MFA, segregation of duties, and just-in-time access. * Antivirus/EDR and FIM operations with documented remediations. * Vulnerability scanning and remediation with evidence and justified exceptions. * Maintenance of logs, updated diagrams, and support for internal/external audits (Banxico/CNBV). Continuity and Monitoring * Monitoring of critical SPEI processes, queues, response times, and middleware metrics. * Log management and analysis; retention and basic forensic analysis. * Planning and execution of changes with rollbacks and communication to involved areas. * Functional/technical SPEI analysis and testing in controlled environments; configuration backup.