Engineer Security Cryptography Linux

Canonical
Dubai
AED 200,000 - 400,000
Job description

Roles and responsibilities

  • Collaborate with other engineers in the Security Hardening team to achieve and retain various Security certifications
  • Extend and enhance Linux cryptographic components (OpenSSL, Libgcrypt, GnuTLS, and others) with the features and functionality required for FIPS and CC certification
  • Collaborate with external security consultants to test and validate kernel and crypto module components
  • Work with external partners to develop security hardening benchmarks and audit + remediation automation for Ubuntu
  • Contribute to Ubuntu mainline and upstream projects to land solutions and benefit the community
  • Communication and collaboration within and outside Canonical to identify opportunities to improve our security posture, rapidly resolve issues, and deliver high-quality solutions on schedule

What we are looking for in you

  • Hands-on experience with low-level Linux cryptography APIs and debugging
  • Excellent software engineering fundamentals, including prior experience with C development, and the ability to demonstrate such
  • Hands-on experience with Linux system administration and shell scripting
  • Demonstrated knowledge of security and cryptography fundamentals + direct experience writing secure code and implementing best practices
  • Significant development experience working with open source libraries
  • Excellent verbal and written communications to enable efficient collaboration with internal and external partners in a remote-first environment

Additional Skills That You Might Also Bring

  • Prior experience working on FIPS/Common Criteria certified products and in-depth knowledge of the underlying standards
  • Prior experience working directly with DISA-STIG or CIS benchmarks, including related audit + remediation tooling (e.g. Compliance as Code)
  • Experience working directly with Linux Kernel
  • Prior experience with Python, OVAL (Open Vulnerability Assessment Language), and Ansible
  • History of contributions to open source projects

Desired candidate profile

1. Cryptography Implementation and Management

  • Encryption/Decryption: Implement and manage encryption schemes for data at rest, data in transit, and communication between systems. Use tools like OpenSSL, GPG, and other cryptographic libraries to secure data.
  • Key Management: Manage encryption keys securely using tools such as HashiCorp Vault, AWS KMS, or custom key management solutions. Ensure best practices for key lifecycle management (generation, storage, rotation, revocation).
  • Cryptographic Protocols: Implement and support secure communication protocols, such as SSL/TLS, IPSec, and SSH, ensuring they meet industry standards for confidentiality and integrity.

2. Linux Security Hardening

  • System Hardening: Perform system hardening on Linux servers by configuring and maintaining security best practices, such as disabling unnecessary services, implementing least-privilege access, configuring firewalls (iptables/nftables), and applying security patches.
  • SELinux/AppArmor: Configure and manage Security-Enhanced Linux (SELinux) or AppArmor to enforce security policies that protect against unauthorized access to system resources.
  • Audit and Logging: Configure Linux audit frameworks (e.g., auditd) and log management tools (e.g., syslog, rsyslog) to monitor for suspicious activities and ensure compliance with security policies.
  • Access Control: Set up and manage user and group permissions, configure sudoers file, and apply proper authentication mechanisms (e.g., PAM, two-factor authentication).

3. Security Incident Response

  • Incident Detection: Implement and configure intrusion detection/prevention systems (IDS/IPS), monitor for anomalous behaviors, and use tools like OSSEC, Snort, or Suricata.
  • Forensics: In the event of a security breach, perform forensic analysis to identify the root cause, scope, and impact of the incident. Analyze logs, file system integrity, and other system artifacts.
  • Threat Mitigation: Develop and implement mitigation strategies to reduce vulnerabilities, including deploying patches, security fixes, and configuration changes to prevent further attacks.

4. Vulnerability Assessment and Penetration Testing

  • Vulnerability Scanning: Conduct vulnerability assessments on Linux systems using tools like Nessus, OpenVAS, or Lynis to identify security flaws and weaknesses.
  • Penetration Testing: Perform penetration tests to identify potential vulnerabilities in the system or network. Use tools such as Metasploit, Burp Suite, or custom scripts to simulate attacks and assess system defenses.
  • Security Audits: Conduct security audits to evaluate the effectiveness of security controls, identify weaknesses, and recommend remediation actions.

5. Compliance and Security Best Practices

  • Compliance Requirements: Ensure systems are compliant with relevant regulations and standards, such as PCI DSS, HIPAA, GDPR, or FISMA. Implement security controls and audits to meet compliance requirements.
  • Security Documentation: Create and maintain detailed documentation of security policies, procedures, and configurations. This includes documentation for cryptographic implementations, incident response procedures, and security audits.
  • Security Policies: Develop and enforce organizational security policies, including those related to encryption standards, key management, secure coding practices, and network security.

6. Continuous Improvement

  • Research and Development: Stay up-to-date with the latest cryptographic algorithms, Linux security tools, and vulnerabilities. Experiment with new technologies and tools to improve the security posture of Linux systems.
  • Automation: Automate security tasks and processes using scripting languages like Bash, Python, or Ansible to enhance the efficiency and reliability of security operations.
  • Patch Management: Ensure that systems are regularly patched with the latest security updates and that vulnerabilities are mitigated in a timely manner.
Get a free, confidential resume review.
Select file or drag and drop it
Avatar
Free online coaching
Improve your chances of getting that interview invitation!
Be the first to explore new Engineer Security Cryptography Linux jobs in Dubai