Responsibilities
- Evaluate, deploy, and sustain security hardening standards such as CIS Benchmarks, STIGs, or similar across Linux systems, hypervisors, and cloud control planes using automation tools like Ansible and Terraform.
- Identify and resolve infrastructure-level vulnerabilities in operating systems and platform services including OpenStack, Ceph, and Kubernetes, with consistent asset tracking, patching timelines, and risk-based prioritization.
- Collaborate with DevSecOps Engineers to align infrastructure security with secure software development lifecycle practices and address application and pipeline vulnerabilities.
- Lead technical contributions during internal and external audits by gathering evidence, documenting control implementations, and responding to auditor inquiries, aligned with ISO 27001 and other compliance standards.
- Operate and enhance core Linux-based platform services, contributing to automation, incident response, capacity planning, and system reliability.
- Design and refine logging, monitoring, and alerting systems in coordination with security, platform, and SRE teams to meet both operational and security monitoring needs.
- Document security baselines, controls, and operational processes clearly to ensure they are repeatable, testable, and audit-compliant.
Responsibilities
- Assess, implement, and maintain security hardening (CIS Benchmarks, STIGs, or equivalent) across Linux hosts, hypervisors, and the cloud control plane, using automated baselines with tools such as Ansible and Terraform.
- Track and remediate vulnerabilities at the infrastructure layer, including operating systems and platform components such as OpenStack, Ceph, and Kubernetes, maintaining accurate inventory, patch SLAs, and risk-based prioritization.
- Coordinate with the DevSecOps Engineer on application- and pipeline-layer remediation, ensuring alignment between platform hardening and SSDLC practices.
- Serve as a primary technical contributor to internal and external audits, including evidence collection, control narratives, and responses to auditor questions, mapping work to ISO 27001 and other relevant frameworks.
- Operate and improve core platform services on Linux infrastructure, contributing to automation, capacity planning, incident response, and reliability engineering.
- Help design logging, monitoring, and alerting that support both operational and security use cases, in collaboration with platform, security, and SRE teams.
- Document hardening baselines, security controls, and operational procedures clearly so that they are repeatable, testable, and auditable.