OPEN TO FOOTPRINTS

Role Responsibilities

• Design, develop, and maintain CIS Benchmark-aligned baseline hardening modules using Puppet (Puppet DSL, Hiera) for Linux distributions (RHEL 8/9, Ubuntu, Amazon Linux, etc.) and Windows Server versions (2019/2022/2025) operating in cloud platforms.
• Design and harden Amazon Machine Images (AMIs), Azure Images, and GCP VM Images using Packer, embedding CIS Benchmarks and organizational security controls directly into the base image.
• Architect, automate, and maintain Packer-based pipelines that build, validate, test, and publish hardened AMIs and base images across multiple environments (dev → prod) with full versioning and governance.
• Harden Kubernetes worker nodes and managed node groups (EKS, AKS, GKE, OpenShift) using CIS controls, image-based baselines, and configuration enforcement workflows.
• Implement continuous compliance and drift detection pipelines using Puppet, custom scripts, and cloud-native tooling (Config, Policy-as-Code frameworks).
• Generate automated compliance, deviation, and audit-ready reports to evaluate adherence to CIS Benchmarks, internal standards, and regulatory frameworks.
• Collaborate with Security and Audit teams to translate policies, CIS controls, and hardening requirements into automated guardrails for cloud workloads and images.
• Maintain and enhance reusable Puppet modules, roles/profiles, and Hiera data structures to support scalable hardening across hybrid and multi-cloud environments.
• Validate hardened images and baseline controls through testing frameworks (integration tests, compliance scans, InSpec or equivalent).
• Own the cloud image lifecycle: image creation → CIS hardening → validation → signing → publishing → rotation → deprecation.
• Maintain expert-level Linux and Windows system administration skills to troubleshoot, validate, and enhance hardened cloud images and configurations.
• Stay current with CIS Benchmark updates, cloud platform hardening recommendations, and evolving industry best practices for image security and baseline governance.

Basic Qualifications

• Bachelor's Degree
• 5 years of experience in cloud OS hardening, configuration management, or cloud security engineering
• Strong Linux and Windows system administration experience
• Strong Puppet development experience (Puppet DSL, Hiera)

Preferred Qualifications

• Experience building or maintaining hardened cloud images using HashiCorp Packer
• Experience publishing AMIs or cloud images through automated pipelines (Jenkins, Azure DevOps Pipelines, Harness, etc.)
• Hands-on experience implementing CIS Benchmarks for Linux, Windows, and Kubernetes
• Kubernetes hardening experience with EKS, AKS, GKE, or OpenShift worker nodes
• Familiarity with cloud-native configuration and compliance services (AWS Config, Azure Policy, GCP Security Command Center)
• Proficiency in scripting (Python, Bash, PowerShell, Groovy, Go)
• Experience generating automated compliance/audit evidence for regulated environments (PCI, SOX, FFIEC, ISO, etc.)
• Understanding of cloud networking, identity, logging, and security controls across AWS, Azure, and GCP
• Experience with Git, GitOps practices, and secure pipeline workflows
• Excellent documentation, communication, and analytical skills