Linux Security Lead

A Career with Point72's Technology Team

As Point72 reimagines the future of investing, our Technology team is constantly evolving our firm's IT infrastructure and engineering capabilities, positioning us at the forefront of a rapidly evolving technology landscape. We're a team of experts who experiment and work to discover new ways to harness open-source solutions, modern cloud architectures, and sophisticated Artificial Intelligence (AI) solutions, while embracing enterprise agile methodologies. Our commitment to building and innovating in the AI space provides the framework intended to drive smarter decision making and enhance how we build and operate our platforms and applications.

As a member of Point72's Technology team, we encourage and support your professional development from day one-helping you advance your technical skills, contribute innovative ideas, and satisfy your own intellectual curiosity-all while delivering real business impact for our multi-billion-dollar global business

What you'll do

As the Linux Security Lead, you will own and drive a consistent and enforceable security posture across the firm's Linux fleet - building enforceable baselines, automated drift detection, and verified remediation patterns that scale across a hybrid on-premises and cloud environment. You will report directly to the Head of Infrastructure Security and serve as the technical authority for Linux hardening, operating within a sprint-based engineering discipline and working closely with the Linux Infrastructure team. Specifically, you will:

• Own the Linux security baseline program end-to-end, including defining hardening intent per distribution and workload class (RHEL, Ubuntu, Amazon Linux), enforcing standards through Ansible and configuration management tooling, and driving continuous drift reconciliation.
• Build and operate automated drift detection workflows by translating desired state into enforcement, generating alerts with remediation paths, and reducing MTTR for high-risk deviations.
• Integrate Linux posture signals, including compliance state, vulnerability exposure, and audit telemetry, into broader access policy and detection pipelines.
• Partner with security automation teams to build scalable, version‑controlled delivery patterns with validation and rollout safeguards.
• Maintain exception governance discipline, such as time-bounded exceptions with explicit ownership, compensating controls, and regular burn-down reviews.
• Drive verified vulnerability closure for Linux-specific exposure classes
• Establish and embed Linux-specific secure engineering principles, such as least privilege daemons, immutable configuration patterns, kernel hardening, and audit telemetry standards, into engineering standards and peer review processes.
• Contribute to the firm's broader CIS Benchmark compliance posture, maintaining mappings to CIS Controls v8 and NIST CSF 2.0 for audit and regulatory defensibility.

What's required

• 6+ years of experience in Linux system administration or security engineering, with at least 3 years focused on Linux security hardening and compliance in an enterprise environment.
• Demonstrated expertise with configuration management tooling, specifically Ansible, and infrastructure-as-code practices, including version control, peer review workflows, and pipeline-driven enforcement.
• Hands-on experience with CIS Benchmarks for Linux (RHEL, Ubuntu, or equivalent) and familiarity with the NIST Cybersecurity Framework (CSF 2.0) and STIG compliance frameworks.
• Proven ability to build and operate drift detection and reconciliation tooling, as well as experience with Qualys, CrowdStrike, or equivalent endpoint monitoring platforms.
• Working knowledge of Linux kernel security features such as SELinux or AppArmor, auditd, system hardening, privilege separation, and secure boot patterns.
• Experience operating in an engineering delivery model, specifically with sprint cadence, backlog prioritization, Definition of Done tied to verification, and peer review for high-impact changes.
• Strong collaboration skills with the ability to define and maintain explicit interfaces with adjacent teams and communicate posture risk clearly to technical and non-technical stakeholders.
• Commitment to the highest ethical standards. 

We take care of our people

We invest in our people, their careers, their health, and their well-being. When you work here, we provide:

• Fully-paid health care benefits
• Generous parental and family leave policies
• Mental and physical wellness programs
• Volunteer opportunities
• Non-profit matching gift program
• Support for employee-led affinity groups representing women, minorities and the LGBT+ community
• Tuition assistance
• A 401(k) savings program with an employer match and more

About Point72

Point72 Asset Management is a global firm led by Steven Cohen that invests in multiple asset classes and strategies worldwide. Resting on more than a quarter-century of investing experience, we seek to be the industry's premier asset manager through delivering superior risk-adjusted returns, adhering to the highest ethical standards, and offering the greatest opportunities to the industry's brightest talent. We're inventing the future of finance by revolutionizing how we develop our people and how we use data to shape our thinking. For more information, visit www.Point72.com/working-here

The annual base salary range for this role is $200,000-$300,000 (USD), which does not include discretionary bonus compensation or our comprehensive benefits package. Actual compensation offered to the successful candidate may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level, among other things.