Linux Specialist

Linux Security Lead (Financial Trading experience)

Location: New York City, NY (3 days in office)

Full-time role with salary bonus

Must haves:

• Must have “Linux command line interface”

• Must have Financial Trading experience

Job Overview:

As the Linux Security Lead, you will own and drive a consistent and enforceable security posture across the firm's Linux fleet — building enforceable baselines, automated drift detection, and verified remediation patterns that scale across a hybrid on-premises and cloud environment. You will report directly to the Head of Infrastructure Security and serve as the technical authority for Linux hardening, operating within a sprint-based engineering discipline and working closely with the Linux Infrastructure team. Specifically, you will:

Job Description:

• Own the Linux security baseline program end-to-end, including defining hardening intent per distribution and workload class (RHEL, Ubuntu, Amazon Linux), enforcing standards through Ansible and configuration management tooling, and driving continuous drift reconciliation.

• Build and operate automated drift detection workflows by translating desired state into enforcement, generating alerts with remediation paths, and reducing MTTR for high-risk deviations.

• Integrate Linux posture signals, including compliance state, vulnerability exposure, and audit telemetry, into broader access policy and detection pipelines.

• Partner with security automation teams to build scalable, version controlled delivery patterns with validation and rollout safeguards.

• Maintain exception governance discipline, such as time-bounded exceptions with explicit ownership, compensating controls, and regular burn-down reviews.

• Drive verified vulnerability closure for Linux-specific exposure classes

• Establish and embed Linux-specific secure engineering principles, such as least privilege daemons, immutable configuration patterns, kernel hardening, and audit telemetry standards, into engineering standards and peer review processes.

• Contribute to the firm's broader CIS Benchmark compliance posture, maintaining mappings to CIS Controls v8 and NIST CSF 2.0 for audit and regulatory defensibility.

What’s required:

• 6 years of experience in Linux system administration or security engineering, with at least 3 years focused on Linux security hardening and compliance in an enterprise environment.

• Demonstrated expertise with configuration management tooling, specifically Ansible, and infrastructure-as-code practices, including version control, peer review workflows, and pipeline-driven enforcement.

• Hands-on experience with CIS Benchmarks for Linux (RHEL, Ubuntu, or equivalent) and familiarity with the NIST Cybersecurity Framework (CSF 2.0) and STIG compliance frameworks.

• Proven ability to build and operate drift detection and reconciliation tooling, as well as experience with Qualys, CrowdStrike, or equivalent endpoint monitoring platforms.

• Working knowledge of Linux kernel security features such as SELinux or AppArmor, auditd, system hardening, privilege separation, and secure boot patterns.

• Experience operating in an engineering delivery model, specifically with sprint cadence, backlog prioritization, Definition of Done tied to verification, and peer review for high-impact changes.

• Strong collaboration skills with the ability to define and maintain explicit interfaces with adjacent teams and communicate posture risk clearly to technical and non-technical stakeholders.

• Commitment to the highest ethical standards.