Level 2; L2 Cloud Operations Engineer

Department

Operations

NOC Manager

Hybrid, Woburn, MA

Overnight: 10PM-6AM & First: 6AM-2PM

Full-Time, Exempt

$105,000 – $135,000

Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance.

Work at Knox is high-impact and purpose-driven. The problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here - because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country - because the systems we build must perform without fail.

The Cloud Operations Engineer (L2) is responsible for advanced troubleshooting, system administration, and application environment support across Knox’s cloud infrastructure. This role bridges operations, automation, and development support — maintaining system stability, executing changes, and ensuring compliance within FedRAMP Moderate, High, and IL4 environments. The ideal candidate has hands‑on experience operating compliance controlled cloud environments in a NOC/SOC setting, with deep familiarity with cloud infrastructure services, and experience responding to real‑time alerts, incidents, and escalations in production.

This is a shift‑based operations role within a 24x7 Network / Cloud Operations environment.

Team members are required to work assigned shifts, clock in for scheduled hours, and maintain continuous operational coverage. The role includes participation in a rotating on‑call schedule for after‑hours incidents and holiday coverage. This position is customer‑facing and requires professional interaction with customers during incident response, including answering support phone calls and attending customer meetings via Zoom or other collaboration tools.

• Perform advanced troubleshooting for infrastructure, OS, and application issues.
• Analyze system logs, metrics, and telemetry from monitoring platforms (Grafana, Datadog, Wiz, Crowdstrike).
• Coordinate with Platform/Dev Ops Engineers on root cause analysis and long‑term remediation.
• Ensure timely resolution of escalated incidents in accordance with SLAs.
• Manage and maintain AWS, Azure, and hybrid environments in accordance with NIST 800-53 controls.
• Execute system patching, upgrades, and configuration changes via automation or scripts.
• Perform health checks, deployment validations, and post‑change verifications.
• Maintain infrastructure documentation and system configuration inventories.
• Perform advanced application troubleshooting for web‑based applications, common application architectures.
• Troubleshoot app‑layer issues such as API failures, integration errors, or misconfigurations.
• Work with Dev Ops/Platform teams to optimize CI/CD deployment workflows and rollback plans.
• Ensure adherence to change management and deployment authorization processes.
• Create or modify automation scripts (Bash, Python, Power Shell) for maintenance and reporting tasks.
• Leverage Terraform, Ansible, or cloud‑native tools for provisioning and environment consistency.
• Proactively identify opportunities to automate recurring operational processes.
• Document system changes and incident response details for FedRAMP audits.
• Support Continuous Monitoring (Con Mon) activities through vulnerability reporting and patch compliance tracking.
• Assist in maintaining logs, baselines, and access control evidence.

• 3–5 years of experience in cloud operations, system administration, or infrastructure support.
• Hands‑on experience with Crowd Strike Falcon endpoint protection, including analyzing detections, reviewing IOM/IOA telemetry, assessing endpoint vulnerability exposure, and executing…