Linux Security Lead

A Career with Point72’s Technology Team As Point72 reimagines the future of investing, our Technology team is constantly evolving our firm’s IT infrastructure and engineering capabilities, positioning us at the forefront of a rapidly evolving technology landscape. We’re a team of experts who experiment and work to discover new ways to harness open-source solutions, modern cloud architectures, and sophisticated Artificial Intelligence (AI) solutions, while embracing enterprise agile methodologies. Our commitment to building and innovating in the AI space provides the framework intended to drive smarter decision making and enhance how we build and operate our platforms and applications. As a member of Point72’s Technology team, we encourage and support your professional development from day one—helping you advance your technical skills, contribute innovative ideas, and satisfy your own intellectual curiosity—all while delivering real business impact for our multi-billion-dollar global business What you’ll do As the Linux Security Lead, you will own and drive a consistent and enforceable security posture across the firm's Linux fleet — building enforceable baselines, automated drift detection, and verified remediation patterns that scale across a hybrid on-premises and cloud environment. You will report directly to the Head of Infrastructure Security and serve as the technical authority for Linux hardening, operating within a sprint-based engineering discipline and working closely with the Linux Infrastructure team. Specifically, you will: Own the Linux security baseline program end-to-end, including defining hardening intent per distribution and workload class (RHEL, Ubuntu, Amazon Linux), enforcing standards through Ansible and configuration management tooling, and driving continuous drift reconciliation. Build and operate automated drift detection workflows by translating desired state into enforcement, generating alerts with remediation paths, and reducing MTTR for high-risk deviations. Integrate Linux posture signals, including compliance state, vulnerability exposure, and audit telemetry, into broader access policy and detection pipelines. Partner with security automation teams to build scalable, version‑controlled delivery patterns with validation and rollout safeguards. Maintain exception governance discipline, such as time-bounded exceptions with explicit ownership, compensating controls, and regular burn-down reviews. Drive verified vulnerability closure for Linux-specific exposure classes Establish and embed Linux-specific secure engineering principles, such as least privilege daemons, immutable configuration patterns, kernel hardening, and audit telemetry standards, into engineering standards and peer review processes. Contribute to the firm's broader CIS Benchmark compliance posture, maintaining mappings to CIS Controls v8 and NIST CSF 2.0 for audit and regulatory defensibility. What’s required 6+ years of experience in Linux system administration or security engineering, with at least 3 years focused on Linux security hardening and compliance in an enterprise environment. Demonstrated expertise with configuration management tooling, specifically Ansible, and infrastructure-as-code practices, including version control, peer review workflows, and pipeline-driven enforcement. Hands-on experience with CIS Benchmarks for Linux (RHEL, Ubuntu, or equivalent) and familiarity with the NIST Cybersecurity Framework (CSF 2.0) and STIG compliance frameworks. Proven ability to build and operate drift detection and reconciliation tooling, as well as experience with Qualys, CrowdStrike, or equivalent endpoint monitoring platforms. Working knowledge of Linux kernel security features such as SELinux or AppArmor, auditd, system hardening, privilege separation, and secure boot patterns. Experience operating in an engineering delivery model, specifically with sprint cadence, backlog prioritization, Definition of Done ... (truncated, view full listing at source)