More jobs:
Data Architecture Consultant - Expert; Automation Engineer
Job Description & How to Apply Below
Pay rate range - $83/hr. to $86/hr onsite
Apache HTTP Server & Tomcat Design + Ansible Automation Engineer
Design resilient, secure, and scalable Apache HTTP Server (httpd) and Apache Tomcat platforms for Java web applications. Build Ansible automation to provision, harden, operate, and upgrade httpd and Tomcat across dev/stage/prod. Partner with SRE, Security, and App teams to deliver high availability, predictable performance, and hands‑off operations via Git Ops and CI/CD.
Responsibilities
Architecture & Operations (Apache HTTPD + Tomcat)
Design reverse proxy and app tier topologies
Single or dual Apache HTTPD layers (edge and internal), terminating TLS; _http or AJP (with hardening) to Tomcat.
Active/active Tomcat clusters with load balancing & health checks (at Apache layer or external LB).
Session management strategy: sticky sessions via cookie, or session replication/Redis‑backed sessions when stickiness is not possible.
Performance engineering
Apache MPM tuning (event/prefork), worker counts, Keep Alive, compression, caching (), HTTP/2 where feasible.
Tomcat connector threads, accept
Count, connection
Timeout, JVM sizing (Xms/Xmx), GC tuning (G1/Parallel), and thread pools.
Connection reuse (HTTP keep‑alive), upstream timeouts, and proper buffer sizing.
High availability & scaling
Multi‑AZ/region design, zero‑downtime rolling deploys, blue/green cutovers.
Canarying via path/host routing and weighted backends (LB or Apache Proxy Pass with status routes).
Security hardening
TLS 1.2+ (ideally 1.3) with strong cipher suites, HSTS, OCSP stapling; cert rotation via ACME/Let's Encrypt or enterprise PKI.
Disable insecure HTTP methods; harden headers (CSP, X-Frame-Options, X-Content-Type-Options).
For AJP, bind to localhost or private subnets, set secret
Required="true" with secret, or disable AJP unless required.
Tomcat hardening: remove default apps, lock down manager/host‑manager, JMX protection, minimal privileges, log sanitization.
Lifecycle management
Patch, upgrade, and config rollouts with Ansible; drift detection & remediation.
Runbooks for incident handling, failover, and rollbacks.
Ansible Automation
Develop idempotent Ansible roles and collection‑based playbooks for
OS hardening, users/groups, limits, sysctl, firewalld/ufw.
Apache install, vhosts, TLS, reverse proxy config, headers, logrotate.
Tomcat install (tar or distro), systemd service, server.xml, connectors, JVM/GC flags, keystores, context.xml, logging.
Application deployment hooks (WAR rollout with pre/post checks), health checks, and rollback.
Rolling updates (serial strategy), blue/green or canary via inventory groups or variables.
Integrations: JMX exporter, , metrics/log shipping agents.
Safety guards: pre‑flight checks (ports, disk, Java version), post‑verify (HTTP 200/health, JMX metrics thresholds), and automated backout.
Collaboration & Governance
Partner with App teams for capacity, route maps, and deployment patterns.
Define standards, runbooks, and design docs; perform DR tests.
Align with security frameworks (CIS, SOC2/ISO/PCI as applicable).
Must Have Requirements
5+ years administering Apache HTTP Server and Apache Tomcat in production at scale.
3+ years Ansible (roles, collections, Molecule, CI/CD).
Strong Linux (RHEL), networking, TLS/PKI, and load balancing fundamentals.
JVM operation basics (heap/GC) and Java web app deployment experience.
Education
Post Secondary
#J-18808-Ljbffr
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×