Title: Technical Lead-Cloud & Infra Engg
Long Description
Linux Vulnerability Remediation Engineer (Server Infrastructure – RHEL 7/8/9/10)
Remote
Full-time
Key Responsibilities
Vulnerability Remediation & Patch Management
- Own and execute end-to-end remediation for vulnerabilities identified on Linux servers (RHEL 7/8/9), including OS/package patching and configuration hardening.
- Fast-track and manage all Meridian-related remediation requirements as they are received, ensuring adherence to defined SLAs and audit expectations.
- Triage vulnerability findings (primarily from Qualys) and translate them into actionable remediation plans, considering exploitability, criticality, asset tiering, and operational risk.
- Coordinate remediation activities for:
  - Kernel and package updates (YUM/DNF), security errata, and required reboots where applicable.
  - CIS/STIG-aligned configuration changes (as applicable in the environment).
  - Mitigations/compensating controls when immediate patching is not feasible (documented and approved per process).
Automation, Configuration Management & Engineering
- Develop, enhance, and maintain remediation automation using:
  - Chef (cookbooks/recipes, attributes, templates, policy files as applicable)
  - Ansible (playbooks, roles, inventories, modules)
  - Shell scripting (Bash) and Ruby for server-side automation and custom remediation logic
- Convert recurring manual remediation steps into repeatable automated solutions and standardized runbooks.
- Ensure code follows internal engineering standards: version control, peer review, testing, documentation, and change management.
Validation, Closure & Reporting
- Validate remediation effectiveness by re-scanning and verifying closure in Qualys (and/or approved internal validation methods).
- Confirm fixes did not introduce regressions; coordinate with application and platform teams for post-change verification.
- Maintain accurate documentation of remediation actions, approvals, exceptions, and closure evidence to support audit and compliance needs.
- Provide progress updates, metrics, and risk status to stakeholders (e.g., open critical/high items, aging items, SLA adherence).
Cross-Team Coordination & Operational Execution
- Schedule and lead remediation calls with infrastructure support teams, application owners, and other stakeholders to drive timely execution.
- Work within change management processes: create/execute change plans, develop rollback steps, and coordinate maintenance windows.
- Partner with platform engineering to improve standard server baselines and prevent vulnerability recurrence.
Vendor & Release Coordination (as needed)
- Follow up with vendors (e.g., Red Hat or software providers) for patch availability, release schedules, and remediation guidance when vulnerabilities require vendor action.
- Track advisories (RHSA/RHBA) and coordinate planned rollout timelines where applicable.
Area(s) of responsibility
Required Qualifications
- 6-10 years of strong hands-on experience with RHEL 7/8/9/10 in enterprise environments.
- Proven experience driving vulnerability remediation and patch management for Linux servers.
- Expertise with Qualys (or equivalent vulnerability scanners) including interpreting findings, false-positive validation, and closure verification.
- Automation experience with Chef and/or Ansible in production.
- Strong scripting skills: Bash, plus working proficiency in Ruby (or ability to maintain/extend existing Ruby codebases).
- Understanding of Linux security fundamentals (permissions, services, SSH hardening, package management, kernel considerations).
- Experience working with change management, incident/problem management, and coordinating across multiple support teams.
Preferred Qualifications
- Familiarity with compliance/security frameworks (e.g., CIS benchmarks, STIG concepts) as applied to Linux servers.
- Experience with CI/CD or automated testing for infrastructure code (linting, unit/integration testing where applicable).
- Experience operating in large-scale environments (hundreds/thousands of servers) with tiered production controls.
- Working knowledge of container host hardening and server-side runtime dependencies (if applicable to the server fleet).
Key Skills & Competencies
- Remediation prioritization and risk-based decision making
- Strong troubleshooting and root-cause analysis (package conflicts, dependency issues, service impacts)
- Clear communication and ability to drive closure across stakeholders
- Documentation discipline and audit readiness mindset
- Ability to deliver under tight timelines while maintaining system stability
Deliverables / Success Measures
- Reduction in open Patch NOW/Critical/High vulnerabilities and improved SLA compliance.
- Consistent, repeatable remediation through Chef/Ansible automation.
- Verified closures in Qualys with clear evidence and minimal re-open rates.
- Improved remediation cycle time for Meridian requirements and other prioritized findings.
- Fewer recurring vulnerability patterns through baseline improvements and preventive controls.