Senior Product Security Engineer

About The Role

Red Hat Product Security is looking for a Senior Product Security Engineer to join our global Resilient Development team. Red Hat's Resilient Development Team focuses on Secure Development and improving proactively the security posture of our Products and Services portfolio and their build pipelines. As a Product Security Engineer working in the Secure Software Development team you will work to improve the security posture of our offerings. Your main responsibility will be to perform security architecture reviews and threat modeling, and the review of additional security testing of our offerings throughout the development lifecycle, in collaboration with Engineering and other Product Security teams, to make sure the expectations of our Secure Software Development Framework implementation are met. This process includes analyzing and documenting architecture from a security point of view, questioning security assumptions, finding potential problems, proposing improvements, performing code reviews, defining testing expectations, and promoting secure development best practices from our offerings through to their related open source communities. In other words, you will represent the security needs of our customers to our offering teams, advocating and planning for a solid foundation of security across the open source ecosystem.

Successful applicants must reside in a state where Red Hat is registered to do business.

What You'll Do

• Engage with Engineering teams to promote security-aware development of Red Hat technologies/solutions.
• Understand current and emerging threats in the enterprise software product and service space.
• Analyze complex software systems and identify potential weaknesses in their architecture.
• Plan and carry out threat modeling activities, and realistic threat simulations across our offerings.
• Consult with software developers and product teams on improved security architecture.
• Ensure that product roadmaps and new features mitigate risk, adhere to security policies, and provide customers with minimal security risk.
• Contribute to customer-facing security documentation, technical references, and other data as used by the Common Vulnerabilities and Exposures (CVE) pages.
• Promote Red Hat Product Security efforts within the community and the greater public.

What You'll Bring

• Bachelor's degree in computer science/engineering or equivalent/relevant work experience.
• Strong understanding of common security vulnerabilities, (e.g. OWASP Top Ten) including how to detect, demonstrate, mitigate and resolve them.
• Good understanding of Linux security technologies and product security experience; for example: POSIX permissions, ACLs, SELinux; Seccomp, Linux namespaces and cgroups; Linux administrations related to security: secure boot, TPMs, trusted execution environment, Linux boot chain, virtualization, containers and hypervisor security.
• Experience with one or more programming languages like Go, Python, C/C++, and a willingness to learn new ones.
• Knowledge and experience with modern container orchestration systems: Kubernetes, Openshift; comfortable with container technologies.
• Work experience and/or certifications with cloud providers and cloud-related technologies (AWS, Azure, GCP, etc).
• Ability to work with minimal supervision, in a fast-paced environment with a multicultural team distributed across multiple countries and time zones.
• Solid communication and negotiation skills. Excellent collaboration skills and dedication as a teammate.

The Following Will Be Considered a Plus

• Familiarity with open-source software and open-source as a business model.
• Linux-specific and/or security-related certifications (e.g. RHCSA, RHCE, RHCA, CISSP, CISM, CSSLP, CISA etc).

Key skills/competency

• Product Security
• Threat Modeling
• Security Architecture Review
• Secure Development Lifecycle
• Linux Security
• Container Security
• Kubernetes
• Cloud Security
• Code Review
• Vulnerability Management