The CIS Baseline & Server Image Security Engineer is responsible for designing, maintaining, and implementing Center for Internet Security (CIS)–aligned security baselines and hardened server images for enterprise server operating systems. This role focuses on modern server platforms including Windows Server 2025 and Red Hat Enterprise Linux (RHEL).
The position works closely with Cyber Security Operations Center (CSOC) and multiple ITD infrastructure and engineering teams to ensure CIS benchmarks, security baselines, and gold images remain current, approved, and aligned with client required security posture. The role ensures that server operating system images reflect approved security controls while remaining operationally supportable.
Security Baseline Engineer (Windows Server / RHEL)
Overview
Develop, maintain, and deploy CIS security baselines for Windows Server 2025 and RHEL, ensuring they''re built into standardized server images and aligned with Client/DIR security governance.
Key Responsibilities
· Build and maintain CIS-based security baselines for Windows Server and RHEL, translating benchmarks into GPOs, local policies, and configuration standards; keep versioned documentation and approval records.
· Integrate approved baselines into gold server images and post-build processes; validate consistent application across new deployments and update images as OS releases or CIS versions change.
· Partner with CSOC and SRM to review baseline changes, validate security posture, and resolve configuration findings.
· Coordinate with Server Operations, Platform Engineering, Change Management, and Vulnerability Management on baseline impacts, remediation, and platform alignment.
· Identify and document baseline exceptions, risk decisions, and compensating controls in line with governance processes.
Required Qualifications
· Hands-on experience building/maintaining CIS baselines for server OSes, with strong skills in Windows Server (GPO enforcement) and RHEL hardening.
· Experience embedding security baselines into server images or standardized builds.
· Strong cross-functional collaboration, documentation, and communication skills.
Preferred Qualifications
· Experience in a government, regulated, or large enterprise environment.
· Direct collaboration with a CSOC.
· Familiarity with vulnerability management, compliance, or audit work.
· Experience managing multiple OS versions/lifecycle transitions.
Success Measures
· Approved, versioned baselines kept current with CIS releases.
· Standardized images consistently reflecting current benchmarks.
· Clear documentation of updates and exceptions.
· Measurable improvement in server security posture/consistency.
Minimum Yrs of Experience, Skills, and Qualifications
· Hands‑on experience developing and maintaining CIS security baselines for server operating systems.
· Strong knowledge of:
· Windows Server security configuration (including GPO‑based enforcement)
· Linux security hardening, particularly RHEL
· Experience integrating security baselines into server images or standardized builds.
· Ability to work cross‑functionally with security and infrastructure teams.
· Strong documentation, communication, and organizational skills
Preferred Skills and Qualifications
· Experience supporting CIS baselines in a government, regulated, or large enterprise environment.
· Prior experience collaborating directly with a Cyber Security Operations Center (CSOC).
· Familiarity with vulnerability management, configuration compliance, or audit activities.
· Experience supporting multiple server OS versions and lifecycle transitions.
Deliverables & Success Measures
· Approved, versioned CIS baselines for supported server operating systems.
· Secure, standardized server OS images reflecting current CIS benchmarks.
· Documented baseline updates and exception decisions aligned with CSOC and ITD standards.
· Improved consistency and security posture across enterprise server platforms.
Never miss an opportunity! Create an alert based on the job you applied for.
