Staff Linux Security Engineer

Glocomms is partnered with a leading hedge fund seeking a Staff Linux Security Engineer to enhance its security posture with a strong emphasis on authorization and access control. This individual will be responsible for designing, implementing, and maintaining secure authentication and authorization frameworks for the firm's Linux-based infrastructure. Their expertise will directly impact the ability to safeguard critical systems at scale.

Key Responsibilities:

• Architect, develop, and maintain robust authorization and access control solutions across a diverse Linux environment.
• Design and implement role-based access control (RBAC), attribute-based access control (ABAC), and policy-based access control (PBAC) models to enforce security best practices.
• Evaluate and enhance existing authentication and privileged access management (PAM) solutions to strengthen security.
• Develop and integrate identity and access management (IAM) solutions, including directory services, authentication protocols (OAuth, OIDC, SAML, Kerberos), and federated identity frameworks.
• Implement and enforce least privilege access using tools such as sudo, SELinux, AppArmor, or custom policy frameworks.
• Collaborate with DevOps, infrastructure, and security teams to embed security into CI/CD pipelines.
• Conduct security assessments, vulnerability analyses, and audits of Linux authorization policies.
• Automate security processes and policy enforcement using Python, Bash, Ansible, or Terraform.
• Stay up to date with security trends, emerging threats, and best practices related to Linux security and authorization.

Required Qualifications:

• 12+ years of experience in Linux security engineering, with a strong focus on authorization and access control.
• Bachelor's degree in Computer Science or a related technical field.
• Deep knowledge of Linux authentication and authorization mechanisms (PAM, LDAP, Kerberos, OAuth, OIDC, SAML, RBAC/ABAC).
• Hands-on experience implementing authorization frameworks in large-scale environments.
• Strong Python experience required.
• Experience with privileged access management (PAM) solutions like CyberArk, BeyondTrust, or HashiCorp Vault.
• Familiarity with Linux hardening techniques and security frameworks such as SELinux, AppArmor, or systemd security policies.
• Strong problem-solving skills with the ability to troubleshoot complex security and access control issues.

Preferred Qualifications:

• Experience with Zero Trust security models and policy-based access controls.
• Familiarity with security tools such as OSSEC, Falco, Auditd, or Tripwire.
• Contributions to open-source security projects related to Linux authorization and access control.
• Security certifications such as CISSP, OSCP, GIAC, or Red Hat Certified Engineer (RHCE).