Senior Product Security Engineer

About the position

Red Hat Product Security is looking for a Senior Product Security Engineer to join our global Vulnerability Management Team. Red Hat's Vulnerability Management Team responds to threats in a predictable manner that reduces risk to Red Hat portfolio and customers. We do this by identifying, assessing & mitigating all potential vulnerabilities and weaknesses that impact our Products and Services portfolio, and then orchestrating our response, by coordinating with the stakeholders. In this role, you will work closely with the Vulnerability Remediation Engineers, Security Architects, Product Managers and Developers, performing risk assessment of the vulnerabilities affecting Red Hat portfolio, and crafting the vulnerability metadata supporting our key stakeholders.

Responsibilities

• Respond to security vulnerabilities, weaknesses and incidents, within the Red Hat portfolio of Products and Services.
• Contribute to customer facing security documentation, reference, and other data as used by the Common Vulnerabilities and Exposures (CVE) pages.
• Research the impact of new flaws affecting Red Hat's offerings and communicate risk to stakeholders with different technical understanding, like senior leadership, engineers, architects, etc.
• Coordinate with key stakeholders internally and externally, as appropriate, ensuring an effective management of the vulnerabilities and the security incidents.
• Provide technical leadership, mentor junior engineers, and drive collaboration to deliver high-impact solutions while fostering a culture of innovation and excellence.
• Contribute in the industry coordination working groups to shape the industry wide vulnerability disclosure and coordination standards as well as to adopt and implement those standards within the organization.

Requirements

• 5+ years Product Security Experience
• Experienced knowledge and understanding of Linux Operating System
• Proficiency in common programming languages like C/C++, Python, Java, Go
• Familiarity with Source Code Management tools like Git
• Strong understanding of security vulnerabilities including the confidentiality, integrity, and availability triad
• Significant experience in security technologies and methodologies like authentication and authorization, encryption, and risk assessments
• Ability to work on your own in a fast-paced environment with a multicultural team distributed across multiple countries and time zones
• Outstanding written and verbal communication skills in English

Nice-to-haves

• Experience on Secure SDL tools and technologies like pentesting, threat modeling, etc.
• Knowledge and experience with modern container technologies: Kubernetes, Openshift; comfortable with docker/Linux containers.
• Familiarity with open source software and open source as a business model.

Benefits

• Comprehensive medical, dental, and vision coverage
• Flexible Spending Account - healthcare and dependent care
• Health Savings Account - high deductible medical plan
• Retirement 401(k) with employer match
• Paid time off and holidays
• Paid parental leave plans for all new parents
• Leave benefits including disability, paid family medical leave, and paid military leave
• Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!