Key skills
Applied CryptographyOpenSSLPost-Quantum CryptographyProject OwnershipCollaborative LeadershipPythonGoFIPS ValidationAnsibleOpenShift
About this role
Red Hat is the world’s leading provider of enterprise open source software solutions, and they are seeking a Senior Product Security Engineer to own and execute key cryptographic modernization initiatives. The role involves acting as the primary enabler for product teams across Red Hat, helping them adopt new policies and integrate modern libraries.
Responsibilities:
- Own Cryptographic Discovery and Inventory Tooling:Act as the primary technical owner responsible for continuing the implementation and integration of Red Hat's cryptographic inventory tools (e.g., Crypto Scanner).You will partner with the Principal Product Security Engineer to define and implement scanner policies for detecting cryptographic assets in our build pipelines.You will work directly with pipeline and data teams to integrate these tools and produce a sustainable Cryptographic Bill of Materials (CBOM)
- Act as the Portfolio's Crypto Enablement Partner:Serve as the primary go-to technical consultant for product teams (like OpenShift, Ansible, and Middleware) navigating cryptographic migrations (e.g., PQC, FIPS).You will consult directly with engineers to help them audit their code, understand their dependencies (e.g., python-cryptography), and build migration plans that align with the portfolio-wide policy.You will enable other teams by creating documentation, best-practice guides, and office hours to scale your expertise
- Drive Foundational Crypto Integration and Dependency Management:Define the functional requirements for and partner on the integration of new cryptographic tools, such as runtime instrumentation for core libraries.You will track and manage critical cryptographic dependencies across the portfolio, working with RHEL Security and other teams to resolve blockers and ensure the successful, sequential delivery of modern crypto capabilities
Requirements:
- Broad knowledge in applied cryptography (PKI, TLS, digital signatures) and hands-on experience with core libraries (OpenSSL, NSS, libcrypto)
- Strong understanding of modern cryptographic challenges, including Post-Quantum Cryptography (PQC)
- Proven experience owning and delivering complex, cross-team technical projects from design to completion
- A track record of building relationships across teams and acting as a recognized go-to person
- Strong analytical skills to diagnose complex dependencies and technical blockers in a large-scale software portfolio
- Hands-on experience with Python or Go cryptographic libraries
- Hands-on experience with runtime analysis tools
- Familiarity with FIPS validation processes