Tech Stack

Description

You will own and drive a consistent security posture across Point72's Linux fleet, building enforceable baselines, automated drift detection, and verified remediation patterns. You'll work within a sprint-based engineering team to define hardening intent, operate compliance workflows, and partner with security automation teams to deliver scalable, version-controlled security patterns.

Requirements

• 6+ years in Linux system administration or security engineering, 3+ focused on Linux security hardening
• Expertise with Ansible and infrastructure-as-code practices
• Hands-on experience with CIS Benchmarks for Linux and NIST CSF 2.0
• Experience with drift detection tooling and endpoint monitoring platforms (Qualys, CrowdStrike)
• Working knowledge of SELinux/AppArmor, auditd, system hardening, and secure boot patterns

Responsibilities

• Own end-to-end Linux security baseline program including hardening intent per distribution and workload class
• Build and operate automated drift detection workflows with alerts and remediation paths
• Integrate Linux posture signals into access policy and detection pipelines
• Partner with security automation teams to build scalable, version-controlled delivery patterns
• Maintain exception governance discipline with time-bounded exceptions and burn-down reviews