The CIS Baseline & Server Image Security Engineer is responsible for designing, maintaining, and implementingCenter for Internet Security (CIS)aligned security baselines and hardened server imagesfor enterprise server operating systems. This role focuses on modern server platforms includingWindows Server 2025andRed Hat Enterprise Linux (RHEL).

The position works closely withCyber Security Operations Center (CSOC)and multipleITD infrastructure and engineering teamsto ensure CIS benchmarks, security baselines, and gold images remain current, approved, and aligned with TxDOTs required security posture. The role ensures that server operating system images reflect approved security controls while remaining operationally supportable.

Primary Responsibilities

CIS Baseline Development & Maintenance

• Create, customize, and maintain CIS security baselines for:
• Windows Server 2025
• Red Hat Enterprise Linux (RHEL)
• Monitor CIS benchmark releases and security advisories to ensure baselines are reviewed and updated as required.
• Translate CIS benchmarks into:
• Group Policy Objects (GPOs)
• Local security policies
• Configuration standards and baseline documentation
• Maintain versioned baseline artifacts, approval records, and supporting documentation.

Server Image Hardening & Standardization

• Design and maintainsecure, standardized (gold) server operating system imagesthat incorporate approved CIS baselines.
• Integrate CIS baseline controls into:
• Server build images
• Post-build configuration processes
• Validate that baseline settings are consistently applied across newly deployed server systems.
• Support image updates as new operating system releases or CIS benchmark versions are published.

Security Alignment & CSOC Collaboration

• Work closely withCSOC & SRMto:
• Review baseline changes
• Validate security posture
• Address findings related to configuration standards and benchmarks
• Participate in security, baseline review, and posture validation meetings with CSOC.
• Ensure CIS baseline decisions align with TxDOT & DIR STS security governance and risk management expectations.

Cross
9Team Coordination

• Collaborate with ITD teams including:
• Server Operations
• Platform Engineering
• Change Management
• Vulnerability Management
• Provide guidance on baseline impacts to operations and applications.
• Support discussions related to baseline compliance, remediation strategy, and future platform alignment.

Exception & Risk Management Support

• Identify scenarios where CIS baseline settings require exceptions due to operational or application constraints.
• Support documentation of:
• Risk decisions
• Approved exceptions
• Compensating controls
• Maintain baseline exception artifacts in alignment with security governance processes.

Minimum (Required):

Years

Skills/Experience

Hands
9on experience developing and maintainingCIS security baselinesfor server operating systems.

Strong knowledge of: Windows Server security configuration(including GPO
9based enforcement) and Linux security hardening, particularly RHEL

Experience integrating security baselines intoserver images or standardized builds.

Ability to work cross
9functionally with security and infrastructure teams

Strong documentation, communication, and organizational skills.

Preferred (Optional):

Years

Skills/Experience

Experience supporting CIS baselines in agovernment, regulated, or large enterprise environment.

Prior experience collaborating directly with aCyber Security Operations Center (CSOC).

Familiarity with vulnerability management, configuration compliance, or audit activities.

Experience supporting multiple server OS versions and lifecycle transitions.

Deliverables & Success Measures

• Approved, versioned CIS baselines for supported server operating systems.
• Secure, standardized server OS images reflecting current CIS benchmarks.
• Documented baseline updates and exception decisions aligned with CSOC and ITD standards.
• Improved consistency and security posture across enterprise server platforms.