Center for Internet Security, Inc.

  • Linux-Unix-MacOS Cybersecurity Engineer and Community Lead

    Job Locations US-Remote | US-NY-Albany
    Software Development, Tools and Information Technology
    Regular Full-Time
  • Overview

    CIS Benchmarks are computer system configuration guidance standards that are used world-wide to secure systems ranging from handheld devices to workstations to servers to network devices from evolving cybersecurity threats. The Linux-Unix-MacOS Benchmarks Cybersecurity Engineer and Community Lead (BCE-CL) will focus on accelerating similar offerings for these technology areas.

    The BCE-CL will be part of a team leading the public Linux-Unix-MacOS Technology Communities under their care and will orchestrate the development of community driven Benchmark documents, Automated Assessment Content (AAC), and Build Kits. Detailed experience in all three technologies is not required, but solid experience in at least one is, and a willingness to learn/support the others.

    What You'll Do

    • Lead multiple public consensus teams identifying, defining and documenting security requirements for key Linux-Unix-MacOS technologies (security relevant configuration settings).
    • Lead multiple public consensus teams on continual development and release of security best practice guidance with a focus on enterprise platforms and services.
      • Lead and guide others through the overall Benchmark development process and community relations
      • Collaborate with the team to develop, maintain and own Benchmark delivery schedules based on market priority
    • Use CIS tools to develop, test and deliver Benchmark prose, Automated Assessment Content (SCAP, XCCDF, OVAL, etc.) and Build Kits
      • Coordinate internal/external resources, but also directly contribute as able to achieve deliveries (based on technical expertise)
      • Develop test plans for Benchmark recommendations, AAC, and Build Kits
      • Coordinate testing internally/externally and validate results
    • Mentor and coach team members in a technical capacity
    • Other tasks and responsibilities as assigned

    What You'll Need

    • Bachelor's degree in a related field*
    • 4+ years of hands on experience managing/administering multiple computer systems in an enterprise (Linux, MacOS, Network Gear, Mobile Devices, MS Windows, etc.)
    • 3+ years of shell scripting development/debugging experience in Linux/Unix environments (BASH, POSIX, etc.)
    • 2+ years of team leadership experience including project management, coaching and mentoring
    • 2+ years of experience in the practical application of Cybersecurity concepts and issues including implementing and/or assessing network, application and/or operating system security controls
    • Experience working in a diverse geographically distributed community (Open Source software development, Standards development, etc.)
    • Must be authorized to work in the United States

    *Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.


    It's a Plus if You Have:

    • (ISC)2 CISSP certification
    • PMI PMP certification
    • Experience securing a diverse set of enterprise technologies (OSes, Databases, Networking, etc.)
    • Experience using or developing configuration security guidance (CIS Benchmarks, DISA STIGs, Vendor Guidance, etc.)
    • Significant experience developing and enforcing security policy across an enterprise (PCI, HIPAA, NIST CSF, etc.)
    • Experience within the security automation domain, including expertise in Security Content Automation Protocol (SCAP) related schemas, such as Open Vulnerability and Assessment Language (OVAL), Extensible Configuration Checklist Description Format (XCCDF), Common Configuration Enumeration (CCE) and Common Platform Enumeration (CPE), etc.
    • Proficiency using Atlassian products Jira and Confluence
    • Experience with Agile processes


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed