Red Hat Product Security is looking for a Senior Product Security Engineer to join our global Resilient Development team. Red Hat's Resilient Development Team focuses on Secure Development and proactively improving the security posture of our Products and Services portfolio and their build pipelines.

In this role you will actively collaborate with Software Engineering Teams to ensure that our products, services, and their build pipelines adhere to Red Hat’s Secure Software Development Lifecycle. You will perform security architecture reviews and security assessments of those offerings and their pipelines throughout their development life cycle, in collaboration with Engineering and other Product Security teams, to make sure the expectations of our Secure Software Development Framework implementation are met. This process includes analyzing and documenting architecture from a security point of view, questioning security assumptions, finding potential problems, proposing improvements, performing code reviews, defining testing expectations, and promoting secure development best practices from our offerings through to their related open source communities.

As a Senior Product Security Engineer, you will represent the security needs of our customers to our Engineering teams, advocating and planning for a solid foundation of security architecture across the open source ecosystem.

Successful applicants must reside in a state where Red Hat is registered to do business.

What you will do

• Engage with engineering teams to promote security-aware development of Red Hat technologies/solutions.
• Understand current and emerging threats impacting the enterprise product, service and supply chain space.
• Analyze complex software systems and identify potential weaknesses in their architecture and dependency trees.
• Plan and carry out threat modeling activities, and realistic threat simulations across products, services and their productization pipelines.
• Consult with software developers, product and pipeline teams on improved security architecture.
• Ensure that product roadmaps and new features mitigate risk, adhere to security policies, and provide customers with minimal security risk.
• Contribute to customer facing security documentation, reference, and other data as used by the Common Vulnerabilities and Exposures (CVE) pages.
• Promote Red Hat Product Security efforts within the community and the greater public.
• Communicate effectively and efficiently with various internal stakeholders about security issues and vulnerabilities.

What you will bring

• Strong understanding of common security vulnerabilities, (e.g. OWASP Top Ten) including how to detect, demonstrate, mitigate and resolve them.
• Good understanding of Linux security technologies and product security experience; for example: POSIX Permissions, ACL, SELinux; Seccomp, Linux namespaces and cgroups.
• Linux administration related to security: secure boot, TPMs, trusted execution environment, Linux boot chain, virtualization, containers and hypervisor security.
• Experience with one or more programming languages like Python, C/C++, and a willingness to learn new ones (preferably Go)
• Knowledge of network access, identity, and access management like public key infrastructure, Oauth, OpenID, SAML, and SPML.
• Ability to work with minimal supervision, in a fast-paced environment with a multicultural team distributed across multiple countries and time zones.
• Solid communication and negotiation skills. Excellent collaboration skills and dedication as a teammate.
• Familiarity with CI/CD pipeline security (e.g., Tekton, Jenkins, GitHub Actions) and artifact signing is a plus
• Knowledge and experience with modern container orchestration systems: Kubernetes, Openshift; comfortable with container technologies is a plus
• Linux-specific and/or security-related certifications (e.g. RHCSA, RHCE, RHCA, CISSP, CISM, CSSLP, CISA etc)is a plus.
• Experience or familiarity with AI-enabled products, services, or workflows is considered beneficial.

About Red Hat

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.

Inclusion at Red Hat

Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.

Equal Opportunity Policy (EEO)

Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email application-assistance@redhat.com. General inquiries, such as those regarding the status of a job application, will not receive a reply.