Product Security Engineer

Job Description

Product Security EngineerPosting Location : Location Remote United StatesPosting date 1 day ago(4/22/2021 7:09 AM)Job ID 85429 Job summary The Red Hat Product Security team is looking for a Product Security Engineer to join us in the U.S. In this role, you will perform audits and assessments of systems and assist in improving robust DevSecOps practices from a security architectural point of view. You will help protect our customers from security risks through secure software curation and maintenance practices and policies. You ll help us protect against logical security threats and provide quality information needed to mitigate and accept risk and privacy concerns. Using open source principles every day, you will work with stakeholders across the Red Hat portfolio of offerings and solutions. You ll perform security assessments and risk analysis through threat modeling in Red Hat s solutions and supported applications, applying methods to minimize risk within traditional data centers, cloud deployments, and container environments, prioritizing them as appropriate for escalation. As a Product Security Engineer, you ll need to be able to think fast to analyze complex problems and you ll be called upon to exercise judgement to prioritize issues that warrant immediate attention. You ll collaborate with Red Hat s engineers and security analysts to help protect customers from these security threats. Red Hat has offices across the United States and well qualified, home-based, security engineers will also be considered to work remotely. Primary job responsibilities

• Consult for technical implementation and remediation of issues
• Rapidly respond and provide quality in-depth analysis of security code and coding practices
• Audit software build and packaging processes to identify risks and risk mitigation strategies
• Prioritize tasks to ensure that serious issues receive immediate attention, including vulnerabilities, configurations, communication paths, and encryption
• Communicate quickly and efficiently with internal stakeholders about security issues and vulnerabilities
• Create technical documentation about vulnerabilities, including proposed mitigations and fixes, in a clear and easy-to-understand manner
• Partner closely with stakeholders to assist with producing technical solutions to technical problems
• Understand current and emerging threats and threat vectors in the enterprise product space

Required skills

• 5+ years of experience with current security software technologies and threat modeling
• Solid background in software management practices, including source code management, secure deployment of software, continuous integration (CI) and continuous delivery (CD), and other release engineering practices
• Solid background in agile and DevSecOps practices
• Understanding of modern container technologies
• Fluent written and verbal communication skills in English
• Ability to work in a fast-paced environment with diverse teams distributed across the globe

The following are considered a plus:

• Familiarity with open source software and open source as a business model
• Experience and proficiency with Linux operating systems
• Debugging and analysis experience using GDB, Valgrind, strace, and other programming-level or system-level debuggers
• Programming experience with C or C++; proficiency in multiple languages, including Python, Java, Ruby, or Go is a big plus
• Knowledge of Red Hats portfolio of open source software offerings and solutions
• Bachelors degree in a technology-related discipline; preferably in computer science or engineering

#LI-REMOTE About Red Hat Red Hat is the world s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.Benefits

• Comprehensive medical, dental, and vision coverage
• Flexible Spending Account - healthcare and dependent care
• Health Savings Account - high deductible medical plan
• Retirement 401(k) with employer match
• Paid time off and holidays
• Paid parental leave plans for all new parents
• Leave benefits including disability, paid family medical leave, and paid military leave
• Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!

Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States.Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.Interested in this job ApplyApplyShareSorry the Share function is not working properly at this moment. Please refresh the page and try again later.Share on your newsfeed,

Keyskills :
penetration testingrisk analysisfirewallidscustomer relationssoftware buildopen source softwarenetworkingrisk mitigationhybrid cloudthreat modeling