6-10 years of hands-on experience with RHEL 7/8/9/10 in enterprise settings.
Proven history of managing vulnerability remediation and patch management for Linux servers.
Expertise with Qualys or similar vulnerability scanning tools, including interpreting and verifying findings.
Automation experience with Chef and/or Ansible deployed in production environments.
Strong scripting abilities in Bash along with proficiency in Ruby to maintain or extend codebases.
Understanding of Linux security fundamentals, including permissions, SSH hardening, and kernel considerations.
Experience in change management and coordinating across various support teams.
Responsibilities
Execute end-to-end vulnerability remediation on Linux servers, including patching and configuration hardening.
Manage remediation requirements related to Meridian, ensuring SLAs and audit standards are met.
Triage vulnerability findings and create actionable remediation plans based on risk and criticality.
Coordinate necessary kernel and package updates, including implementing security changes and mitigations.
Develop and maintain automation for remediation using Chef, Ansible, and custom scripts.
Validate remediation effectiveness and ensure documented closure of vulnerabilities for compliance.
Lead cross-team remediation calls to facilitate timely actions and maintain change management processes.
Benefits
Remote work flexibility.
Opportunity to work with cutting-edge technologies in Linux environments.
Exposure to enterprise-level vulnerability management and automation practices.
Collaboration with multiple teams, enhancing professional network and cross-functional skills.
Support for continuous learning and development in automation and security best practices.
Full Job Description
Long Description
Linux Vulnerability Remediation Engineer (Server Infrastructure - RHEL 7/8/9/10)
Remote
Fulltime
Key Responsibilities
Vulnerability Remediation & Patch Management
Own and execute end-to-end remediation for vulnerabilities identified on Linux servers (RHEL 7/8/9), including OS/package patching and configuration hardening.
Fast-track and manage all Meridian-related remediation requirements as they are received, ensuring adherence to defined SLAs and audit expectations.
Triage vulnerability findings (primarily from Qualys) and translate them into actionable remediation plans, considering exploitability, criticality, asset tiering, and operational risk.
Coordinate remediation activities for:
Kernel and package updates (YUM/DNF), security errata, and required reboots where applicable.
CIS/STIG-aligned configuration changes (as applicable in the environment).
Mitigations/compensating controls when immediate patching is not feasible (documented and approved per process).
Develop, enhance, and maintain remediation automation using:
Chef (cookbooks/recipes, attributes, templates, policy files as applicable)
Ansible (playbooks, roles, inventories, modules)
Shell scripting (Bash) and Ruby for server-side automation and custom remediation logic
Convert recurring manual remediation steps into repeatable automated solutions and standardized runbooks.
Ensure code follows internal engineering standards: version control, peer review, testing, documentation, and change management.
Validation, Closure & Reporting
Validate remediation effectiveness by re-scanning and verifying closure in Qualys (and/or approved internal validation methods).
Confirm fixes did not introduce regressions; coordinate with application and platform teams for post-change verification.
Maintain accurate documentation of remediation actions, approvals, exceptions, and closure evidence to support audit and compliance needs.
Provide progress updates, metrics, and risk status to stakeholders (e.g., open critical/high items, aging items, SLA adherence).
Cross-Team Coordination & Operational Execution
Schedule and lead remediation calls with infrastructure support teams, application owners, and other stakeholders to drive timely execution.
Work within change management processes: create/execute change plans, develop rollback steps, and coordinate maintenance windows.
Partner with platform engineering to improve standard server baselines and prevent vulnerability recurrence.
Vendor & Release Coordination (as needed)
Follow up with vendors (e.g., Red Hat or software providers) for patch availability, release schedules, and remediation guidance when vulnerabilities require vendor action.
Track advisories (RHSA/RHBA) and coordinate planned rollout timelines where applicable.
Area(s) of responsibility
Required Qualifications
6-10 years of Strong hands-on experience with RHEL 7/8/9/10 in enterprise environments.
Proven experience driving vulnerability remediation and patch management for Linux servers.
Expertise with Qualys (or equivalent vulnerability scanners) including interpreting findings, false-positive validation, and closure verification.
Automation experience with Chef and/or Ansible in production.
Strong scripting skills: Bash, plus working proficiency in Ruby (or ability to maintain/extend existing Ruby codebases).
Understanding of Linux security fundamentals (permissions, services, SSH hardening, package management, kernel considerations).
Experience working with change management, incident/problem management, and coordinating across multiple support teams.
Preferred Qualifications
Familiarity with compliance/security frameworks (e.g., CIS benchmarks, STIG concepts) as applied to Linux servers.
Experience with CI/CD or automated testing for infrastructure code (linting, unit/integration testing where applicable).
Experience operating in large-scale environments (hundreds/thousands of servers) with tiered production controls.
Working knowledge of container host hardening and server-side runtime dependencies (if applicable to the server fleet).
Key Skills & Competencies
Remediation prioritization and risk-based decision making
Strong troubleshooting and root-cause analysis (package conflicts, dependency issues, service impacts)
Clear communication and ability to drive closure across stakeholders
Documentation discipline and audit readiness mindset
Ability to deliver under tight timelines while maintaining system stability
Deliverables / Success Measures
Reduction in open Patch NOW/Critical/High vulnerabilities and improved SLA compliance.
Consistent, repeatable remediation through Chef/Ansible automation.
Verified closures in Qualys with clear evidence and minimal re-open rates.
Improved remediation cycle time for Meridian requirements and other prioritized findings.
Fewer recurring vulnerability patterns through baseline improvements and preventive controls.