Linux Security Lead

About The Position

Requirements

• 6+ years of experience in Linux system administration or security engineering, with at least 3 years focused on Linux security hardening and compliance in an enterprise environment.
• Demonstrated expertise with configuration management tooling, specifically Ansible, and infrastructure-as-code practices, including version control, peer review workflows, and pipeline-driven enforcement.
• Hands-on experience with CIS Benchmarks for Linux (RHEL, Ubuntu, or equivalent) and familiarity with the NIST Cybersecurity Framework (CSF 2.0) and STIG compliance frameworks.
• Proven ability to build and operate drift detection and reconciliation tooling, as well as experience with Qualys, CrowdStrike, or equivalent endpoint monitoring platforms.
• Working knowledge of Linux kernel security features such as SELinux or AppArmor, auditd, system hardening, privilege separation, and secure boot patterns.
• Experience operating in an engineering delivery model, specifically with sprint cadence, backlog prioritization, Definition of Done tied to verification, and peer review for high-impact changes.
• Strong collaboration skills with the ability to define and maintain explicit interfaces with adjacent teams and communicate posture risk clearly to technical and non-technical stakeholders.
• Commitment to the highest ethical standards.

Responsibilities

• Own the Linux security baseline program end-to-end, including defining hardening intent per distribution and workload class (RHEL, Ubuntu, Amazon Linux), enforcing standards through Ansible and configuration management tooling, and driving continuous drift reconciliation.
• Build and operate automated drift detection workflows by translating desired state into enforcement, generating alerts with remediation paths, and reducing MTTR for high-risk deviations.
• Integrate Linux posture signals, including compliance state, vulnerability exposure, and audit telemetry, into broader access policy and detection pipelines.
• Partner with security automation teams to build scalable, version‑controlled delivery patterns with validation and rollout safeguards.
• Maintain exception governance discipline, such as time-bounded exceptions with explicit ownership, compensating controls, and regular burn-down reviews.
• Drive verified vulnerability closure for Linux-specific exposure classes
• Establish and embed Linux-specific secure engineering principles, such as least privilege daemons, immutable configuration patterns, kernel hardening, and audit telemetry standards, into engineering standards and peer review processes.
• Contribute to the firm's broader CIS Benchmark compliance posture, maintaining mappings to CIS Controls v8 and NIST CSF 2.0 for audit and regulatory defensibility.

Benefits

• Fully-paid health care benefits
• Generous parental and family leave policies
• Mental and physical wellness programs
• Volunteer opportunities
• Non-profit matching gift program
• Support for employee-led affinity groups representing women, minorities and the LGBT+ community
• Tuition assistance
• A 401(k) savings program with an employer match and more