Key skills
JenkinsKubernetesLinuxOpenShiftPythonGoC++CAIGitHub ActionsOAuthSAMLGitHubCI/CDCommunicationCollaborationNegotiationOWASP
About this role
Role Overview
- Engage with engineering teams to promote security-aware development of Red Hat technologies/solutions.
- Understand current and emerging threats impacting the enterprise product, service and supply chain space.
- Analyze complex software systems and identify potential weaknesses in their architecture and dependency trees.
- Plan and carry out threat modeling activities, and realistic threat simulations across products, services and their productization pipelines.
- Consult with software developers, product and pipeline teams on improved security architecture.
- Ensure that product roadmaps and new features mitigate risk, adhere to security policies, and provide customers with minimal security risk.
- Contribute to customer facing security documentation, reference, and other data as used by the Common Vulnerabilities and Exposures (CVE) pages.
- Promote Red Hat Product Security efforts within the community and the greater public.
- Communicate effectively and efficiently with various internal stakeholders about security issues and vulnerabilities.
Requirements
- Strong understanding of common security vulnerabilities, (e.g. OWASP Top Ten) including how to detect, demonstrate, mitigate and resolve them.
- Good understanding of Linux security technologies and product security experience; for example: POSIX Permissions, ACL, SELinux; Seccomp, Linux namespaces and cgroups.
- Linux administration related to security: secure boot, TPMs, trusted execution environment, Linux boot chain, virtualization, containers and hypervisor security.
- Experience with one or more programming languages like Python, C/C++, and a willingness to learn new ones (preferably Go).
- Knowledge of network access, identity, and access management like public key infrastructure, Oauth, OpenID, SAML, and SPML.
- Ability to work with minimal supervision, in a fast-paced environment with a multicultural team distributed across multiple countries and time zones.
- Solid communication and negotiation skills.
- Excellent collaboration skills and dedication as a teammate.
- Familiarity with CI/CD pipeline security (e.g., Tekton, Jenkins, GitHub Actions) and artifact signing is a plus.
- Knowledge and experience with modern container orchestration systems: Kubernetes, Openshift; comfortable with container technologies is a plus.
- Linux-specific and/or security-related certifications (e.g. RHCSA, RHCE, RHCA, CISSP, CISM, CSSLP, CISA etc) is a plus.
- Experience or familiarity with AI-enabled products, services, or workflows is considered beneficial.
Tech Stack
- Jenkins
- Kubernetes
- Linux
- OpenShift
- Python
- Go
Benefits
- Health insurance
- Flexible work arrangements
- Professional development opportunities