About the Role
RapidFort is looking for a deeply technical Senior OS Engineer to design, build, and maintain secure Linux-based operating system components that power hardened container images and cloud-native workloads.
This role sits at the intersection of Linux systems engineering, package management, and software supply chain security. You will be responsible for identifying vulnerabilities in OS packages, validating fixes, rebuilding or patching components, and ensuring secure, production-grade container images are delivered at scale.
You will work across multiple Linux distributions to curate, harden, and continuously improve the operating system layers used in containerized environments. This includes package-level remediation, dependency resolution, and automation of secure build pipelines.
This is a hands-on engineering role focused on Linux internals, OS packaging, and container image security — not just vulnerability scanning or policy enforcement.
What You’ll Do
OS & Package Security Engineering
- Own end-to-end CVE remediation across Linux OS packages and system libraries
- Analyze vulnerabilities affecting core OS components (glibc, openssl, kernel modules, runtime libraries, etc.)
- Validate upstream fixes and determine patching or backporting strategies
- Rebuild, patch, and curate OS packages across multiple Linux distributions (Debian, RHEL, Alpine, etc.)
Container Image Hardening
- Build and maintain secure, minimal, production-ready container images
- Remove unnecessary packages and reduce image attack surface
- Ensure OS-level changes propagate safely into container environments
- Validate image integrity, compatibility, and runtime stability
Supply Chain Security
- Generate and maintain SBOMs for OS packages and container images
- Implement provenance, signing, and artifact trust mechanisms
- Ensure reproducible and verifiable builds across OS components
- Strengthen software supply chain security across all image pipelines
Automation & Build Systems
- Design and scale automated pipelines for OS patching, package rebuilding, and image generation
- Integrate CVE scanning, remediation, and validation into CI/CD workflows
- Build tooling for OS-level dependency tracking and vulnerability analysis
- Improve build efficiency, reliability, and reproducibility
Cross-Functional Collaboration
- Partner with platform, DevOps, infrastructure, and security teams
- Work closely with engineering teams to integrate secure OS layers into product pipelines
- Support production environments with stable, secure OS baselines
What You Bring
Core Experience
- 5+ years in Linux systems engineering, OS engineering, platform engineering, DevSecOps, or release engineering
- Deep expertise in Linux operating systems and distributions (Debian, RHEL, Ubuntu, Alpine)
- Strong experience with OS package management systems (apt, rpm, dnf, apk)
- Hands-on experience patching, rebuilding, or maintaining OS packages
Technical Depth
- Strong understanding of Linux internals (processes, memory, filesystem, system libraries)
- Experience working with system-level libraries and dependencies (glibc, openssl, etc.)
- Deep knowledge of dependency resolution, ABI compatibility, and package lifecycle management
- Experience with container internals and Linux runtime behavior
Security & Supply Chain
- Experience remediating CVEs in OS packages and container environments
- Understanding of SBOMs, software provenance, signing, and artifact trust models
- Familiarity with supply chain security frameworks (e.g., SLSA, reproducible builds)
Engineering Skills
- Strong scripting/programming ability in Python, Bash, Go, or C/C++
- Experience building CI/CD pipelines for OS or system-level build processes
- Strong debugging skills across Linux systems and build environments
Nice to Have
- Experience contributing to or maintaining Linux distributions or open-source OS projects
- Experience building minimal, distroless, or hardened container images
- Familiarity with package build infrastructure (Koji, OBS, Launchpad, mock, etc.)
- Experience with kernel hardening or low-level OS security modules
- Knowledge of large-scale container security platforms
- Contributions to open-source security, Linux, or container ecosystems
What Success Looks Like
- Rapid and reliable remediation of OS-level CVEs across supported distributions
- Stable and secure base images with minimal attack surface
- Automated, repeatable OS patching and build pipelines
- High-confidence SBOMs and supply chain transparency across all artifacts
- Significant reduction in vulnerability exposure across container environments
- Robust, reproducible OS build and packaging systems
Why This Role Matters
This role is foundational to RapidFort’s mission of eliminating vulnerabilities in containerized environments. Every secure container image begins with a secure OS layer, and this role ensures that foundation is trusted, minimal, and continuously hardened.