×
Register Here to Apply for Jobs or Post Jobs. X

Linux Security Lead

Job in New York, New York County, New York, 10261, USA
Listing for: Point72
Full Time position
Listed on 2026-07-11
Job specializations:
  • IT/Tech
    Cybersecurity, Unix/Linux
Salary/Wage Range or Industry Benchmark: 200000 - 300000 USD Yearly USD 200000.00 300000.00 YEAR
Job Description & How to Apply Below
Location: New York

A Career with Point
72’s Technology Team

As Point
72 reimagines the future of investing, our Technology team is constantly evolving our firm’s IT infrastructure and engineering capabilities, positioning us at the forefront of a rapidly evolving technology landscape. We’re a team of experts who experiment and work to discover new ways to harness open-source solutions, modern cloud architectures, and sophisticated Artificial Intelligence (AI) solutions, while embracing enterprise agile methodologies.

Our commitment to building and innovating in the AI space provides the framework intended to drive smarter decision making and enhance how we build and operate our platforms and applications.

As a member of Point
72’s Technology team, we encourage and support your professional development from day one—helping you advance your technical skills, contribute innovative ideas, and satisfy your own intellectual curiosity all while delivering real business impact for our multi-billion-dollar global business.

What you’ll do

As the Linux Security Lead, you will own and drive a consistent and enforceable security posture across the firm's Linux fleet — building enforceable baselines, automated drift detection, and verified remediation patterns that scale across a hybrid on-premises and cloud environment. You will report directly to the Head of Infrastructure Security and serve as the technical authority for Linux hardening, operating within a sprint-based engineering discipline and working closely with the Linux Infrastructure team.

Specifically, you will:

  • Own the Linux security baseline program end-to-end, including defining hardening intent per distribution and workload class (RHEL, Ubuntu, Amazon Linux), enforcing standards through Ansible and configuration management tooling, and driving continuous drift reconciliation.
  • Build and operate automated drift detection workflows by translating desired state into enforcement, generating alerts with remediation paths, and reducing MTTR for high-risk deviations.
  • Integrate Linux posture signals, including compliance state, vulnerability exposure, and audit telemetry, into broader access policy and detection pipelines.
  • Partner with security automation teams to build scalable, version‑controlled delivery patterns with validation and rollout safeguards.
  • Maintain exception governance discipline, such as time-bounded exceptions with explicit ownership, compensating controls, and regular burn-down reviews.
  • Drive verified vulnerability closure for Linux-specific exposure classes.
  • Establish and embed Linux-specific secure engineering principles, such as least privilege daemons, immutable configuration patterns, kernel hardening, and audit telemetry standards, into engineering standards and peer review processes.
  • Contribute to the firm's broader CIS Benchmark compliance posture, maintaining mappings to CIS Controls v8 and NIST CSF 2.0 for audit and regulatory defensibility.
What’s required
  • 6+ years of experience in Linux system administration or security engineering, with at least 3 years focused on Linux security hardening and compliance in an enterprise environment.
  • Demonstrated expertise with configuration management tooling, specifically Ansible, and infrastructure-as-code practices, including version control, peer review workflows, and pipeline-driven enforcement.
  • Hands‑on experience with CIS Benchmarks for Linux (RHEL, Ubuntu, or equivalent) and familiarity with the NIST Cybersecurity Framework (CSF 2.0) and STIG compliance frameworks.
  • Proven ability to build and operate drift detection and reconciliation tooling, as well as experience with Qualys, Crowd Strike, or equivalent endpoint monitoring platforms.
  • Working knowledge of Linux kernel security features such as SELinux or App Armor, auditd, system hardening, privilege separation, and secure boot patterns.
  • Experience operating in an engineering delivery model, specifically with sprint cadence, backlog prioritization, Definition of Done tied to verification, and peer review for high‑impact changes.
  • Strong collaboration skills with the ability to define and maintain explicit interfaces with adjacent teams and communicate posture risk…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary