Engineer Security Cryptography Linux

Roles and responsibilitiesCollaborate with other engineers in the Security Hardening team to achieve and retain various Security certificationsExtend and enhance Linux cryptographic components (OpenSSL, Libgcrypt, GnuTLS, and others) with the features and functionality required for FIPS and CC certificationCollaborate with external security consultants to test and validate kernel and crypto module componentsWork with external partners to develop security hardening benchmarks and audit + remediation automation for UbuntuContribute to Ubuntu mainline and upstream projects to land solutions and benefit the communityCommunication and collaboration within and outside Canonical to identify opportunities to improve our security posture, rapidly resolve issues, and deliver high-quality solutions on scheduleWhat we are looking for in youHands-on experience with low-level Linux cryptography APIs and debuggingExcellent software engineering fundamentals, including prior experience with C development, and the ability to demonstrate suchHands-on experience with Linux system administration and shell scriptingDemonstrated knowledge of security and cryptography fundamentals + direct experience writing secure code and implementing best practicesSignificant development experience working with open source librariesExcellent verbal and written communications to enable efficient collaboration with internal and external partners in a remote-first environmentAdditional Skills That You Might Also BringPrior experience working on FIPS/Common Criteria certified products and in-depth knowledge of the underlying standardsPrior experience working directly with DISA-STIG or CIS benchmarks, including related audit + remediation tooling (e.g. Compliance as Code)Experience working directly with Linux KernelPrior experience with Python, OVAL (Open Vulnerability Assessment Language), and AnsibleHistory of contributions to open source projectsDesired candidate profile1. Cryptography Implementation and ManagementEncryption/Decryption: Implement and manage encryption schemes for data at rest, data in transit, and communication between systems. Use tools like OpenSSL, GPG, and other cryptographic libraries to secure data.Key Management: Manage encryption keys securely using tools such as HashiCorp Vault, AWS KMS, or custom key management solutions. Ensure best practices for key lifecycle management (generation, storage, rotation, revocation).Cryptographic Protocols: Implement and support secure communication protocols, such as SSL/TLS, IPSec, and SSH, ensuring they meet industry standards for confidentiality and integrity.2. Linux Security HardeningSystem Hardening: Perform system hardening on Linux servers by configuring and maintaining security best practices, such as disabling unnecessary services, implementing least-privilege access, configuring firewalls (iptables/nftables), and applying security patches.SELinux/AppArmor: Configure and manage Security-Enhanced Linux (SELinux) or AppArmor to enforce security policies that protect against unauthorized access to system resources.Audit and Logging: Configure Linux audit frameworks (e.g., auditd) and log management tools (e.g., syslog, rsyslog) to monitor for suspicious activities and ensure compliance with security policies.Access Control: Set up and manage user and group permissions, configure sudoers file, and apply proper authentication mechanisms (e.g., PAM, two-factor authentication).3. Security Incident ResponseIncident Detection: Implement and configure intrusion detection/prevention systems (IDS/IPS), monitor for anomalous behaviors, and use tools like OSSEC, Snort, or Suricata.Forensics: In the event of a security breach, perform forensic analysis to identify the root cause, scope, and impact of the incident. Analyze logs, file system integrity, and other system artifacts.Threat Mitigation: Develop and implement mitigation strategies to reduce vulnerabilities, including deploying patches, security fixes, and configuration changes to prevent further attacks.4. Vulnerability Assessment and Penetration TestingVulnerability Scanning: Conduct vulnerability assessments on Linux systems using tools like Nessus, OpenVAS, or Lynis to identify security flaws and weaknesses.Penetration Testing: Perform penetration tests to identify potential vulnerabilities in the system or network. Use tools such as Metasploit, Burp Suite, or custom scripts to simulate attacks and assess system defenses.Security Audits: Conduct security audits to evaluate the effectiveness of security controls, identify weaknesses, and recommend remediation actions.5. Compliance and Security Best PracticesCompliance Requirements: Ensure systems are compliant with relevant regulations and standards, such as PCI DSS, HIPAA, GDPR, or FISMA. Implement security controls and audits to meet compliance requirements.Security Documentation: Create and maintain detailed documentation of security policies, procedures, and configurations. This includes documentation for cryptographic implementations, incident response procedures, and security audits.Security Policies: Develop and enforce organizational security policies, including those related to encryption standards, key management, secure coding practices, and network security.6. Continuous ImprovementResearch and Development: Stay up-to-date with the latest cryptographic algorithms, Linux security tools, and vulnerabilities. Experiment with new technologies and tools to improve the security posture of Linux systems.Automation: Automate security tasks and processes using scripting languages like Bash, Python, or Ansible to enhance the efficiency and reliability of security operations.Patch Management: Ensure that systems are regularly patched with the latest security updates and that vulnerabilities are mitigated in a timely manner. #J-18808-Ljbffr