CIS Baseline & Server Image Security Engineer

The CIS Baseline & Server Image Security Engineer is responsible for designing, maintaining, and implementing Center for Internet Security (CIS)–aligned security baselines and hardened server images for enterprise server operating systems. This role focuses on modern server platforms including Windows Server 2025 and Red Hat Enterprise Linux (RHEL).
The position works closely with Cyber Security Operations Center (CSOC) and multiple ITD infrastructure and engineering teams to ensure CIS benchmarks, security baselines, and gold images remain current, approved, and aligned with TxDOT’s required security posture. The role ensures that server operating system images reflect approved security controls while remaining operationally supportable.
________________________________________
Primary Responsibilities
CIS Baseline Development & Maintenance
•    Create, customize, and maintain CIS security baselines for:
o    Windows Server 2025
o    Red Hat Enterprise Linux (RHEL)
•    Monitor CIS benchmark releases and security advisories to ensure baselines are reviewed and updated as required.
•    Translate CIS benchmarks into:
o    Group Policy Objects (GPOs)
o    Local security policies
o    Configuration standards and baseline documentation
•    Maintain versioned baseline artifacts, approval records, and supporting documentation.
________________________________________
Server Image Hardening & Standardization
•    Design and maintain secure, standardized (“gold”) server operating system images that incorporate approved CIS baselines.
•    Integrate CIS baseline controls into:
o    Server build images
o    Post-build configuration processes
•    Validate that baseline settings are consistently applied across newly deployed server systems.
•    Support image updates as new operating system releases or CIS benchmark versions are published.
________________________________________
Security Alignment & CSOC Collaboration
•    Work closely with CSOC & SRM to:
o    Review baseline changes
o    Validate security posture
o    Address findings related to configuration standards and benchmarks
•    Participate in security, baseline review, and posture validation meetings with CSOC.
•    Ensure CIS baseline decisions align with TxDOT & DIR STS security governance and risk management expectations.
________________________________________
Cross Team Coordination
•    Collaborate with ITD teams including:
o    Server Operations
o    Platform Engineering
o    Change Management
o    Vulnerability Management
•    Provide guidance on baseline impacts to operations and applications.
•    Support discussions related to baseline compliance, remediation strategy, and future platform alignment.
________________________________________
Exception & Risk Management Support
•    Identify scenarios where CIS baseline settings require exceptions due to operational or application constraints.
•    Support documentation of:
o    Risk decisions
o    Approved exceptions
o    Compensating controls
•    Maintain baseline exception artifacts in alignment with security governance processes.

Minimum Yrs of Experience, Skills, and Qualifications    Required Qualifications
•    Hands on experience developing and maintaining CIS security baselines for server operating systems.
•    Strong knowledge of:
o    Windows Server security configuration (including GPO based enforcement)
o    Linux security hardening, particularly RHEL
•    Experience integrating security baselines into server images or standardized builds.
•    Ability to work cross functionally with security and infrastructure teams.
•    Strong documentation, communication, and organizational skills.

Preferred Skills and Qualifications    Preferred Qualifications
•    Experience supporting CIS baselines in a government, regulated, or large enterprise environment.
•    Prior experience collaborating directly with a Cyber Security Operations Center (CSOC).
•    Familiarity with vulnerability management, configuration compliance, or audit activities.
•    Experience supporting multiple server OS versions and lifecycle transitions.
________________________________________
Deliverables & Success Measures
•    Approved, versioned CIS baselines for supported server operating systems.
•    Secure, standardized server OS images reflecting current CIS benchmarks.
•    Documented baseline updates and exception decisions aligned with CSOC and ITD standards.
•    Improved consistency and security posture across enterprise server platforms.