Linux STIG Engineer

The Linux STIG Compliance & Patching Engineer is responsible for implementing, maintaining, and automating Department of Defense Security Technical Implementation Guide (STIG) controls across Red Hat Enterprise Linux (RHEL) systems. This role ensures that all Linux environments meet required cybersecurity hardening standards, remain fully patched, and support secure operations throughout the enterprise.

• Develop, implement, and maintain STIG‑compliant configurations for Red Hat Enterprise Linux systems.
• Perform continuous security patching, vulnerability remediation, and system hardening aligned with DoD STIG, DISA, and organizational security policies.
• Build, refine, and automate compliance processes using tools such as Ansible, Bash scripting, Red Hat Satellite, SCAP, and OpenSCAP.
• Coordinate with cybersecurity, infrastructure, and application teams to validate patch schedules, evaluate risk, and ensure operational readiness.
• Document procedures, hardening standards, test plans, and validation results.
• Troubleshoot STIG‑related system issues and provide SME‑level guidance on secure OS configuration.
• Monitor vulnerability advisories (RHSA, CVEs, USCYBERCOM directives) and plan timely remediation.
• Support system accreditation, RMF requirements, and audit response activities.
• Contribute to automation frameworks to improve repeatability and reduce manual patching efforts.

• Strong experience with Red Hat Enterprise Linux administration.
• Hands‑on experience implementing DoD STIGs, SCAP/OVAL scanning, and security hardening.
• Proficiency in automation and configuration management (Ansible, Shell scripting).
• Understanding of CVE lifecycle, vulnerability management, and patch management processes.
• Familiarity with security frameworks including RMF, NIST 800‑53, DISA STIGs, and ACAS/Tenable outputs.
• Ability to analyze scan results and apply documented findings to remediate compliance gaps.
• Strong troubleshooting and documentation skills.

• Experience with Red Hat Satellite, Ansible Tower/AWX, or equivalent automation tools.
• Security certifications such as Security+, Linux+, RHCSA/RHCE, or CIS benchmarks.
• Experience in DoD or highly regulated security environments.
• Knowledge of secure configuration baselines and infrastructure‑as‑code patterns.

• Strong communication and collaboration skills.
• Ability to work independently in a secure, compliance‑driven environment.
• Detail‑oriented mindset with a focus on accuracy and repeatability.

• Competitive health, dental and vision insurance with affordable premiums
• Flexible work schedules
• Two different flexible spending account options
• Company‑paid life insurance with options for employee‑paid additional
• Performance bonus program
• Education reimbursement program
• Company‑paid personal leave for approved philanthropic activities
• Vacation, Sick & Holiday leave
• Robust 401k profit sharing plan
• Opportunities for internal promotions
• Employee referral incentive program
• Rewards and gifts for service anniversaries

Disability Accommodation for Applicants – DESE Research, Inc. is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in its job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability, you may use the following alternative email address or phone number to contact us about your interest in employment with us:  or x123.