Data Architecture Consultant - Expert; Automation Engineer

Position: Data Architecture Consultant - Expert (Automation Engineer)
Pay rate range - $83/hr. to $86/hr onsite

Apache HTTP Server & Tomcat Design + Ansible Automation Engineer
Design resilient, secure, and scalable Apache HTTP Server (httpd) and Apache Tomcat platforms for Java web applications. Build Ansible automation to provision, harden, operate, and upgrade httpd and Tomcat across dev/stage/prod. Partner with SRE, Security, and App teams to deliver high availability, predictable performance, and hands‑off operations via Git Ops and CI/CD.

Responsibilities
Architecture & Operations (Apache HTTPD + Tomcat)

Design reverse proxy and app tier topologies

Single or dual Apache HTTPD layers (edge and internal), terminating TLS; _http or AJP (with hardening) to Tomcat.

Active/active Tomcat clusters with load balancing & health checks (at Apache layer or external LB).

Session management strategy: sticky sessions via cookie, or session replication/Redis‑backed sessions when stickiness is not possible.

Performance engineering

Apache MPM tuning (event/prefork), worker counts, Keep Alive, compression, caching (), HTTP/2 where feasible.

Tomcat connector threads, accept

Count, connection

Timeout, JVM sizing (Xms/Xmx), GC tuning (G1/Parallel), and thread pools.

Connection reuse (HTTP keep‑alive), upstream timeouts, and proper buffer sizing.

High availability & scaling

Multi‑AZ/region design, zero‑downtime rolling deploys, blue/green cutovers.

Canarying via path/host routing and weighted backends (LB or Apache Proxy Pass with status routes).

Security hardening

TLS 1.2+ (ideally 1.3) with strong cipher suites, HSTS, OCSP stapling; cert rotation via ACME/Let's Encrypt or enterprise PKI.

Disable insecure HTTP methods; harden headers (CSP, X-Frame-Options, X-Content-Type-Options).

For AJP, bind to localhost or private subnets, set secret

Required="true" with secret, or disable AJP unless required.

Tomcat hardening: remove default apps, lock down manager/host‑manager, JMX protection, minimal privileges, log sanitization.

Lifecycle management

Patch, upgrade, and config rollouts with Ansible; drift detection & remediation.

Runbooks for incident handling, failover, and rollbacks.

Ansible Automation

Develop idempotent Ansible roles and collection‑based playbooks for

OS hardening, users/groups, limits, sysctl, firewalld/ufw.

Apache install, vhosts, TLS, reverse proxy config, headers, logrotate.

Tomcat install (tar or distro), systemd service, server.xml, connectors, JVM/GC flags, keystores, context.xml, logging.

Application deployment hooks (WAR rollout with pre/post checks), health checks, and rollback.

Rolling updates (serial strategy), blue/green or canary via inventory groups or variables.

Integrations: JMX exporter, , metrics/log shipping agents.

Safety guards: pre‑flight checks (ports, disk, Java version), post‑verify (HTTP 200/health, JMX metrics thresholds), and automated backout.

Collaboration & Governance

Partner with App teams for capacity, route maps, and deployment patterns.

Define standards, runbooks, and design docs; perform DR tests.

Align with security frameworks (CIS, SOC2/ISO/PCI as applicable).

Must Have Requirements

5+ years administering Apache HTTP Server and Apache Tomcat in production at scale.

3+ years Ansible (roles, collections, Molecule, CI/CD).

Strong Linux (RHEL), networking, TLS/PKI, and load balancing fundamentals.

JVM operation basics (heap/GC) and Java web app deployment experience.

Education

Post Secondary

#J-18808-Ljbffr