Linux Security Lead
Company: Point72
Location: New York City
Posted on: April 1, 2026
|
|
|
Job Description:
A Career with Point72’s Technology Team As Point72 reimagines
the future of investing, our Technology team is constantly evolving
our firm’s IT infrastructure and engineering capabilities,
positioning us at the forefront of a rapidly evolving technology
landscape. We’re a team of experts who experiment and work to
discover new ways to harness open-source solutions, modern cloud
architectures, and sophisticated Artificial Intelligence (AI)
solutions, while embracing enterprise agile methodologies. Our
commitment to building and innovating in the AI space provides the
framework intended to drive smarter decision making and enhance how
we build and operate our platforms and applications. As a member of
Point72’s Technology team, we encourage and support your
professional development from day one—helping you advance your
technical skills, contribute innovative ideas, and satisfy your own
intellectual curiosity—all while delivering real business impact
for our multi-billion-dollar global business What you’ll do As the
Linux Security Lead, you will own and drive a consistent and
enforceable security posture across the firm's Linux fleet —
building enforceable baselines, automated drift detection, and
verified remediation patterns that scale across a hybrid
on-premises and cloud environment. You will report directly to the
Head of Infrastructure Security and serve as the technical
authority for Linux hardening, operating within a sprint-based
engineering discipline and working closely with the Linux
Infrastructure team. Specifically, you will: Own the Linux security
baseline program end-to-end, including defining hardening intent
per distribution and workload class (RHEL, Ubuntu, Amazon Linux),
enforcing standards through Ansible and configuration management
tooling, and driving continuous drift reconciliation. Build and
operate automated drift detection workflows by translating desired
state into enforcement, generating alerts with remediation paths,
and reducing MTTR for high-risk deviations. Integrate Linux posture
signals, including compliance state, vulnerability exposure, and
audit telemetry, into broader access policy and detection
pipelines. Partner with security automation teams to build
scalable, version?controlled delivery patterns with validation and
rollout safeguards. Maintain exception governance discipline, such
as time-bounded exceptions with explicit ownership, compensating
controls, and regular burn-down reviews. Drive verified
vulnerability closure for Linux-specific exposure classes Establish
and embed Linux-specific secure engineering principles, such as
least privilege daemons, immutable configuration patterns, kernel
hardening, and audit telemetry standards, into engineering
standards and peer review processes. Contribute to the firm's
broader CIS Benchmark compliance posture, maintaining mappings to
CIS Controls v8 and NIST CSF 2.0 for audit and regulatory
defensibility. What’s required 6 years of experience in Linux
system administration or security engineering, with at least 3
years focused on Linux security hardening and compliance in an
enterprise environment. Demonstrated expertise with configuration
management tooling, specifically Ansible, and
infrastructure-as-code practices, including version control, peer
review workflows, and pipeline-driven enforcement. Hands-on
experience with CIS Benchmarks for Linux (RHEL, Ubuntu, or
equivalent) and familiarity with the NIST Cybersecurity Framework
(CSF 2.0) and STIG compliance frameworks. Proven ability to build
and operate drift detection and reconciliation tooling, as well as
experience with Qualys, CrowdStrike, or equivalent endpoint
monitoring platforms. Working knowledge of Linux kernel security
features such as SELinux or AppArmor, auditd, system hardening,
privilege separation, and secure boot patterns. Experience
operating in an engineering delivery model, specifically with
sprint cadence, backlog prioritization, Definition of Done tied to
verification, and peer review for high-impact changes. Strong
collaboration skills with the ability to define and maintain
explicit interfaces with adjacent teams and communicate posture
risk clearly to technical and non-technical stakeholders.
Commitment to the highest ethical standards. We take care of our
people We invest in our people, their careers, their health, and
their well-being. When you work here, we provide: Fully-paid health
care benefits Generous parental and family leave policies Mental
and physical wellness programs Volunteer opportunities Non-profit
matching gift program Support for employee-led affinity groups
representing women, minorities and the LGBT community Tuition
assistance A 401(k) savings program with an employer match and more
About Point72 Point72 Asset Management is a global firm led by
Steven Cohen that invests in multiple asset classes and strategies
worldwide. Resting on more than a quarter-century of investing
experience, we seek to be the industry’s premier asset manager
through delivering superior risk-adjusted returns, adhering to the
highest ethical standards, and offering the greatest opportunities
to the industry’s brightest talent. We’re inventing the future of
finance by revolutionizing how we develop our people and how we use
data to shape our thinking. For more information, visit
www.Point72.com/working-here The annual base salary range for this
role is $200,000-$300,000 (USD), which does not include
discretionary bonus compensation or our comprehensive benefits
package. Actual compensation offered to the successful candidate
may vary from posted hiring range based upon geographic location,
work experience, education, and/or skill level, among other
things.
Keywords: Point72, White Plains , Linux Security Lead, IT / Software / Systems , New York City, New York
