Linux Vulnerability Remediation Engineer (Server Infrastructure – RHEL 7/8/9/10)
Remote
Fulltime
Key Responsibilities
Vulnerability Remediation & Patch Management
- Own and execute end-to-end remediation for vulnerabilities identified on Linux servers (RHEL 7/8/9), including OS/package patching and configuration hardening.
- Fast-track and manage all Meridian-related remediation requirements as they are received, ensuring adherence to defined SLAs and audit expectations.
- Triage vulnerability findings (primarily from Qualys) and translate them into actionable remediation plans, considering exploitability, criticality, asset tiering, and operational risk.
- Coordinate remediation activities for:
- Kernel and package updates (YUM/DNF), security errata, and required reboots where applicable.
- CIS/STIG-aligned configuration changes (as applicable in the environment).
- Mitigations/compensating controls when immediate patching is not feasible (documented and approved per process).
Automation, Configuration Management & Engineering
- Develop, enhance, and maintain remediation automation using:
- Chef (cookbooks/recipes, attributes, templates, policy files as applicable)
- Ansible (playbooks, roles, inventories, modules)
- Shell scripting (Bash) and Ruby for server-side automation and custom remediation logic
- Convert recurring manual remediation steps into repeatable automated solutions and standardized runbooks.
- Ensure code follows internal engineering standards: version control, peer review, testing, documentation, and change management.
Validation, Closure & Reporting
- Validate remediation effectiveness by re-scanning and verifying closure in Qualys (and/or approved internal validation methods).
- Confirm fixes did not introduce regressions; coordinate with application and platform teams for post-change verification.
- Maintain accurate documentation of remediation actions, approvals, exceptions, and closure evidence to support audit and compliance needs.
- Provide progress updates, metrics, and risk status to stakeholders (e.g., open critical/high items, aging items, SLA adherence).
Cross-Team Coordination & Operational Execution
- Schedule and lead remediation calls with infrastructure support teams, application owners, and other stakeholders to drive timely execution.
- Work within change management processes: create/execute change plans, develop rollback steps, and coordinate maintenance windows.
- Partner with platform engineering to improve standard server baselines and prevent vulnerability recurrence.
Vendor & Release Coordination (as needed)
- Follow up with vendors (e.g., Red Hat or software providers) for patch availability, release schedules, and remediation guidance when vulnerabilities require vendor action.
- Track advisories (RHSA/RHBA) and coordinate planned rollout timelines where applicable.