Posted almost 5 years ago

At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

The Red Hat OpenShift Service Reliability Engineering (SRE) team is looking for a Security and Compliance Engineer to join our Security team. Red Hat OpenShift is a leading enterprise Kubernetes container platform and SRE is the first team to host and manage the code in the public cloud. Along with the rest of the team, you will interact with SRE, product engineering, project management and compliance associates around the world to deliver large, secure, containerized cluster environments. As a Security and Compliance Engineer, you’ll need to have the ability to work in a complex and fast-paced environment, keeping Enterprise Kubernetes–the globally-distributed, cloud-based, containerized service–compliant, secure, and available for our customers. Successful applicants must reside in a state where Red Hat is registered to do business.

• Implement security tools and compliance baselines
• Assist in the development and implementation of security plans, policies, and procedures
• Review vulnerabilities and track resolution
• Participate in security assessments, incidents, and responses
• Work with internal Red Hat Information Security, OpenShift SREs, and Product Security and Security Incident Response teams to improve security posture
• Coordinate with our service reliability engineers for an ongoing threat mitigation
• Perform peer code reviews, testing, and common vulnerabilities and exposures (CVE) analysis
• Create and maintain standard operating procedures and formal documentation including reports, slide decks, and architecture diagrams

• Recent, demonstrated experience managing Linux servers, running Red Hat Enterprise Linux (RHEL), CentOS, or Fedora
• Recent, demonstrated experience with enterprise systems monitoring like Zabbix or Nagios; knowledge of Prometheus is a plus
• Recent experience with enterprise configuration management software like Red Hat Ansible Automation, Puppet, or Chef
• 2+ years of experience programming with at least one object-oriented language, preferably with Golang or Python
• 2+ years of experience delivering and supporting a hosted service
• 2+ years of experience with cloud infrastructure like Amazon Web Services (AWS), Google Compute Engine (GCE), or Microsoft Azure
• 1+ years of experience with Kubernetes; 1+ years of experience with docker-based containers is a plus
• 1+ years of experience with compliance program implementation, specifically with ISO/IEC 27001:2013, SOC 2, FedRAMP, etc.
• Experience with intrusion detection systems (IDSs) or detection tools like Snort, psad, ClamAV, or OpenSCAP
• Industry certifications like the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP+), etc. are a plus

Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.