Position Title: DevOps Engineer – Linux Infrastructure, Security & Compliance

Department: Infrastructure / Security
Employment Type: Full-Time, Permanent
Location: Onsite – 110 Symonds St, Auckland
Mentorship: Direct mentorship from senior leadership (25+ years Linux systems & network engineering experience)

Who We're Looking For

Deltapath is hiring a DevOps Engineer with deep expertise in Linux infrastructure, operating system security, and compliance-driven system hardening. This role focuses on building and maintaining secure-by-default Linux environments across physical, virtual, and cloud-based infrastructure.

This role sits at the intersection of Linux systems administration and security research. You will spend your time doing practical security work: replicating CVEs in lab environments, exploring kernel internals, testing network access controls, and probing our infrastructure for weaknesses — all under direct mentorship from a seasoned Linux engineer.

If you've never compiled a kernel, written a Bash script that solved a real problem, or set up a Linux service from scratch, this role is not for you.

What You'll Do

You will be responsible for ensuring that all systems are hardened, continuously compliant, auditable, and resilient against modern security threats, while supporting scalable infrastructure and automation practices.

CVE Analysis & Verification

• Monitor CVE feeds (NVD, Ubuntu Security Notices, GitHub advisories) and triage relevance to our infrastructure and products
• Reproduce CVEs in isolated lab environments — setting up the vulnerable configuration, confirming exploitability, and verifying that patches resolve the issue
• Use AI tools (Claude, ChatGPT) to accelerate understanding of exploit mechanics, then validate findings hands-on
• Produce clear technical documentation: does this CVE affect us? What's the evidence? What's the fix?

Linux Kernel & Systems Research

• Implement and enforce Linux OS hardening standards across all systems.
• CIS Benchmarks
• Explore kernel security mechanisms: AppArmor, SELinux, namespaces, capabilities, seccomp
• Investigate system calls, privilege escalation vectors, and attack surfaces in Linux internals
• Build and test kernel configurations; experiment with kernel modules and security subsystems
• Document and share findings with the engineering team
• Manage vulnerability scanning and remediation for OS-level issues.

Network Security

• Learn and test PacketFence network access control and FreeIPA identity management
• Explore VLAN configurations, 802.1X authentication, and network segmentation
• Analyze firewall rules (iptables/nftables) and trace packet flow through the network stack
• Test for lateral movement paths and access control bypass techniques

Ethical Hacking & Penetration Testing (Supervised)

• Conduct supervised penetration tests against Deltapath infrastructure and products
• Identify misconfigurations, privilege escalation paths, and security gaps
• Think offensively — approach systems as an attacker would, document what you find, and work with your mentor to develop remediation

Product Security (UC Appliance)

• Learn the architecture of Deltapath's Linux-based UC appliance
• Identify security risks in product dependencies, third-party libraries, and system configuration
• Contribute to security hardening improvements

What You Must Be Able to Do — Right Now

These are not "nice to haves." If you cannot demonstrate these skills in an interview or practical assessment, you will not progress.

Linux Systems (Hands-On Required)

• Navigate and administer a Linux system entirely from the command line — no GUI
• Manage users, groups, file permissions, processes, services, and systemd units
• Write Bash scripts that do something useful: parse logs, automate a task, check system state
• Install, configure, and troubleshoot Linux services (SSH, DNS, web servers, firewalls) from scratch
• Understand how Linux networking works: interfaces, routing, iptables, DNS resolution
• Read and interpret log files to diagnose a system problem

Security Fundamentals

• Explain common vulnerability classes (privilege escalation, SUID abuse, misconfigured services) with concrete examples
• Understand cryptography fundamentals: symmetric vs. asymmetric encryption, hashing, TLS handshake
• Describe how a firewall rule is evaluated and how NAT works
• Demonstrate basic understanding of CVE structure and severity scoring (CVSS)

Programming Basics

• Comfortable with Bash scripting (write it, not just read it)
• Basic C literacy — enough to read kernel code or a simple exploit and understand what it does
• Python is a bonus; it's used widely in security tooling

Experience & Education

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, with up to 1–2 years of hands-on experience — whether professional, internship, or self-directed. Your practical skills and personal projects matter more than your degree or job title.

Preferred (Will Set You Apart)

• CTF experience: Active on Hack The Box, TryHackMe, PicoCTF, or similar — show us your profile
• GitHub activity: Personal projects, security tools, scripts, or contributions that demonstrate real work
• Kernel tinkering: Built a custom kernel, written a kernel module, explored kernel source
• Virtualization: Set up lab environments using Proxmox, KVM, VirtualBox, or similar
• Bug bounty participation: Submitted reports through HackerOne, Bugcrowd, or vendor programs
• Security certifications: CompTIA Linux+, Security+, CEH, or actively studying for one
• Security writing: Blog posts, write-ups, or documented experiments — even informal ones

What This Role Is Not

• It is not a role for candidates who have only studied security concepts in lectures without applying them
• It is not a SOC analyst or compliance role
• It is not remote or hybrid — you will work onsite in a hands-on learning environment
• It is not expected that you manage live infrastructure independently from day one

What You'll Get

• Direct mentorship from engineers with 25+ years of Linux systems and network engineering experience — a rare and genuinely accelerated learning environment
• Exposure to real infrastructure, real vulnerabilities, and real security decisions
• A defined growth path into a security specialist role over 2–3 years
• The opportunity to build deep Linux and security expertise at a product company where your work has direct impact

Job Types: Full-time, Permanent

Benefits:

• Gym membership
• Visa sponsorship

Work Location: In person