Posted about 1 year ago
At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.
The Red Hat Product Security team is looking for a Product Security Engineer to join us either remotely or globally in one of Red Hat's offices. In this role, you'll perform various security-related tasks, including reactive security response, active hardening, and security auditing projects on Red Hat OpenStack Platform and related software-defined networking (SDN) and network function virtualization (NFV) solutions, projects, and toolings. As a Product Security Engineer, you will work with product managers and developers to both conduct meaningful security audits and handle the vulnerability response process from initial analysis to the release of errata. Successful applicants must reside in a country where Red Hat is registered to do business.
- *Primary job responsibilities**
+ Understand current and emerging threats in the enterprise product space with a focus on software-defined networking (SDN), network function virtualization (NFV), and Infrastructure-as-a-Service (IaaS) solutions
+ Work with developers to provide guidance and help understand and make use of security technologies, methodologies, and concepts
+ Communicate flaw information with software developers, managers, quality engineers, upstream project developers, and peers of the Red Hat Product Security team and the security teams of other projects and companies
+ Conduct well-documented security audits and threat analyses on Red Hat's solutions with a primary focus on Red Hat OpenStack Platform
+ Identify, assist with, and develop tools used for code audits
+ Work with product management to empower developers to conduct audits of solutions and implement secure coding practices
+ Bachelor's degree in computer science or equivalent, or relevant work experience
+ Proficiency in Python and C programming languages; working knowledge of Java and associated build tooling is a plus
+ Deep knowledge of identification, analysis, and exploitation of vulnerabilities from high-level flaws in web frameworks to low-level flaws in compiled C binaries
+ Ability to quickly learn new technologies and programming languages
+ Knowledge of Linux operating system and virtualization; knowledge of KVM and QEMU is a plus
+ Solid understanding of networking, SDN, and NFV concepts and technologies, particularly technologies like OpenDaylight (ODL), Open vSwitch (including DPDK) and Open Virtual Network (OVN) as used with Red Hat OpenStack Platform
+ Solid understanding of Infrastructure-as-a-Service (IaaS) concepts and architectures with a focus on Red Hat OpenStack Platform
+ Ability to conduct software security audits and threat analyses
+ Deep understanding of software vulnerabilities, prevention, and exploitation
+ Excellent organizational skills
+ Ability to interact effectively with cross-functional teams and to work on your own with minimum supervision
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.
- *Job ID** _68247_
- *Category** _Software Engineering_