We are seeking an exceptional Security Infrastructure & Vulnerability Management Engineer to serve as Deltapath’s in-house cybersecurity and infrastructure expert. This is a highly specialized, hands-on individual contributor role that combines infrastructure security architecture, vulnerability management, and product security expertise.

You will be responsible for designing, implementing, and continuously improving our security infrastructure. You will become the subject matter expert (SME) for our UC appliance product built on Ubuntu. You will monitor, analyze, and respond to CVE (Common Vulnerabilities and Exposures) notifications affecting all dependencies in our product and infrastructure. Most critically, you will not only apply patches but actively replicate CVEs in test environments, determine whether they apply to our specific product configuration, and verify that patches actually resolve the identified vulnerabilities.

This role requires someone with an intimate understanding of Linux (particularly Ubuntu), ethical hacking capabilities, and the ability to think like an adversary while defending against real-world threats. You will work independently, reporting directly to the CEO, and will be expected to exercise significant autonomy in making security decisions that protect Deltapath’s infrastructure, product, and customers.


Core Responsibilities

Network Infrastructure Security & Architecture

  • Design, implement, and maintain Deltapath’s network security infrastructure, including:
    • Ethernet Layer 2 Authentication: Configure and manage 802.1X authentication, network access control (NAC), and device management
    • Certificate-Based Authentication: Deploy and manage identity and access management infrastructure, including certificate generation, distribution, and renewal
    • Network Segmentation & Access Control: Design and enforce role-based network permissions for different employee groups, departments, and access levels
    • VLANs, Firewalls, and Network Policies: Configure firewalls, VLANs, and network policies to enforce security boundaries and protect sensitive systems
  • Continuously evaluate and improve network security architecture to address emerging threats and Deltapath’s evolving needs
  • Document network security architecture, policies, and procedures in detail for operational continuity and compliance
  • Conduct regular security audits of network configurations to identify misconfigurations, weak points, and opportunities for hardening

CVE Monitoring, Analysis, & Vulnerability Management

  • Establish and maintain a comprehensive CVE monitoring program that tracks vulnerabilities in:
    • All third-party libraries and dependencies used in Deltapath products
    • All packages installed in our infrastructure
    • Ubuntu base system and kernel vulnerabilities
    • Application-level vulnerabilities in our UC appliance and supporting tools
  • Monitor CVE feeds (NVD, Ubuntu Security Notices, vendor advisories, etc.) daily and triage new vulnerabilities for Deltapath relevance
  • For each identified CVE:
    • Analyze applicability: Determine whether the CVE applies to Deltapath’s specific product configuration, version, and usage patterns (not all CVEs affect all deployments)
    • Replicate in test environment: Actively reproduce the vulnerability in isolated lab/test environments that mirror production configurations
    • Assess impact: Evaluate the severity, exploitability, and potential business impact if left unpatched
    • Test patches: Verify that published patches and updates actually resolve the vulnerability
    • Prioritize remediation: Develop remediation plans based on criticality, exploitability, and business impact
  • Document CVE analysis and remediation decisions clearly for audit, compliance, and future reference
  • Create and maintain an accurate inventory of all software, dependencies, and versions running in Deltapath’s infrastructure and products
  • Establish SLAs for CVE response and patching based on severity (critical CVEs patched within 24–48 hours, high within 1 week, medium within 2 weeks, etc.)

Patching & System Hardening

  • Develop and execute patch management policies that balance security urgency with system stability
  • Plan, test, and deploy security patches and updates to:
    • Ubuntu systems (both in infrastructure and UC appliance products)
    • Application servers and middleware
    • Third-party libraries and dependencies
    • Firmware and system BIOS where applicable
  • Implement automated patching solutions where appropriate while maintaining manual oversight for critical systems
  • Perform security hardening of all systems:
    • Kernel parameter tuning and hardening
    • Service minimization (remove unnecessary services)
    • File permission audits and enforcement
    • SSH hardening and key-based authentication
    • SELinux/AppArmor configuration and enforcement
  • Document all patching and hardening activities for compliance and incident response purposes

Product Security Expertise (UC Appliance SME)

  • Become the subject matter expert for Deltapath’s UC appliance product, with deep understanding of:
    • How the appliance is architected and deployed
    • All dependencies, libraries, and third-party components it uses
    • Security implications of product features and configurations
    • Customer deployment patterns and potential security risks
  • Advise product engineering teams on security implications of new features, dependencies, and design decisions
  • Conduct security code reviews and architecture reviews for the UC appliance and related products
  • Develop security guidance for customers deploying UC appliances in production environments
  • Reproduce and validate customer-reported security concerns
  • Conduct threat modeling exercises for the product and provide recommendations for improvement

Ethical Hacking & Penetration Testing

  • Conduct regular penetration testing and security assessments of Deltapath infrastructure and products from an attacker’s perspective
  • Identify vulnerabilities that automated tools might miss through manual testing and creative attack scenarios
  • Test network segmentation, access controls, and permission enforcement to ensure they function as designed
  • Simulate real-world attack vectors (e.g., lateral movement, privilege escalation, data exfiltration) to test defensive controls
  • Document findings in clear, actionable reports with specific remediation recommendations
  • Conduct red team exercises to test security incident response procedures and team readiness

Security Incident Response & Forensics

  • Serve as the primary responder for security incidents related to infrastructure, vulnerabilities, or potential breaches
  • Conduct preliminary investigation and forensic analysis of security incidents
  • Preserve evidence, maintain chain of custody, and document incident timelines
  • Coordinate incident response with relevant teams (engineering, operations, management)
  • Develop incident root cause analysis and post-incident improvement recommendations
  • Participate in security incident war rooms and provide technical analysis

Security Documentation, Policies & Training

  • Develop and maintain comprehensive security documentation including:
    • Network security architecture and design rationale
    • Security policies and procedures
    • Access control policies
    • Incident response playbooks
    • CVE tracking and remediation procedures
    • System hardening baselines
  • Ensure all security documentation is accessible to relevant stakeholders and updated as systems evolve
  • Provide security training and guidance to engineering teams, operations staff, and other employees on security best practices
  • Create and maintain a security knowledge base for the organization

Compliance & Regulatory

  • Ensure Deltapath infrastructure and products comply with relevant security standards and regulations
  • Support security audits, penetration tests by third parties, and compliance assessments
  • Maintain audit trails and logs for security-relevant events
  • Document security controls and their effectiveness for compliance reporting

Required Qualifications

Experience & Background

  • 5+ years of hands-on experience with Linux system administration, with a focus on security (Ubuntu preferred)
  • 3+ years of dedicated cybersecurity or security engineering experience
  • Demonstrated experience with network security (firewalls, VLANs, network segmentation, access control)
  • Proven experience with CVE monitoring, vulnerability management, and patch management
  • Experience with certificate-based authentication and public key infrastructure (PKI)
  • Evidence of ethical hacking or penetration testing capability (CEH certification or equivalent experience strongly preferred)
  • Experience with at least one Linux-based identity and access management system (FreeIPA, LDAP, Active Directory, or similar)
  • Demonstrated ability to work independently and self-manage without close supervision

Technical Skills

Linux & Operating Systems:

  • Deep, hands-on knowledge of Ubuntu Linux (kernel, package management, system administration)
  • Proficiency with Linux command-line tools and scripting (bash, Python, or similar)
  • Understanding of Linux kernel security features (SELinux, AppArmor, capabilities, namespaces, cgroups)
  • Experience with system service management (systemd, init)
  • Ability to compile and customize kernels if needed
  • Familiarity with Linux hardening best practices

Network Security:

  • Hands-on experience configuring firewalls and implementing firewall policies
  • Understanding of networking protocols (TCP/IP, DNS, DHCP, routing)
  • Experience with network access control (NAC) and 802.1X authentication
  • Familiarity with VLANs, network segmentation, and microsegmentation
  • Understanding of VPN technologies and secure remote access

Authentication & Identity Management:

  • Hands-on experience with PacketFence (or similar network access control solutions)
  • Hands-on experience with FreeIPA (or similar certificate and identity management systems like LDAP, Active Directory, or Kerberos)
  • Understanding of certificate management, PKI, and certificate authorities
  • Experience with SSH key management and authentication
  • Understanding of password policies and enforcement

Vulnerability & CVE Management:

  • Demonstrated experience monitoring CVE feeds and responding to security advisories
  • Familiarity with CVE and CVSS scoring systems
  • Experience with vulnerability assessment tools (Nessus, OpenVAS, etc.)
  • Ability to analyze CVE applicability to specific product versions and configurations
  • Understanding of patch management processes and risk assessment

Development & Scripting:

  • Ability to write bash scripts for automation and system administration
  • Comfortable with Python for security tooling, test automation, or system management
  • Understanding of version control (Git) and collaborative development practices
  • Ability to read and understand code in common languages (C, Python, JavaScript) for vulnerability analysis

Security Tools & Technologies:

  • Experience with security monitoring and logging tools
  • Familiarity with encryption and cryptographic concepts
  • Understanding of secure coding practices and secure software development lifecycle (SSDLC)
  • Comfort with lab/test environment setup and infrastructure as code concepts

Personal & Professional Attributes

  • Independent thinker: Ability to work autonomously, make decisions, and take ownership of security outcomes
  • Adversarial mindset: Comfort thinking like an attacker; ability to identify weaknesses others might miss
  • Continuous learner: Commitment to staying current with evolving security threats and technologies
  • Attention to detail: Meticulous in documentation, testing, and verification; security requires precision
  • Problem-solving: Ability to diagnose complex technical issues and develop practical solutions
  • Communication: Clear written and verbal communication; ability to explain technical concepts to non-technical stakeholders
  • Judgment: Ability to balance security rigor with operational practicality
  • Integrity: Strong ethical foundation; trusted to work with sensitive security information and systems

Preferred Qualifications

  • Certified Ethical Hacker (CEH) or equivalent penetration testing certification (OSCP, GPEN, etc.)
  • CompTIA Security+ or CISSP certification
  • Ubuntu security specialization or deep experience with Ubuntu-based systems
  • Familiarity with security incident response and forensics
  • Experience with security automation and infrastructure-as-code for security
  • Understanding of software supply chain security and dependency management
  • Publications, presentations, or demonstrated contributions to open source security projects
  • Hands-on experience with threat modeling and attack surface analysis
  • Experience in the voice over IP field

Department: InfoSec
Job Type: Full Time
Job Location: Auckland
