As a Product Security Architect working in the Secure Development team you will work to improve the security posture of our offerings. Your main responsibility will be to implement Secure Development Lifecycle controls throughout the development lifecycle, by partnering with Product Engineering and other Product Security teams, to make sure the expectations of our Secure Software Development Framework implementation are met. This process includes analyzing and documenting architecture from a security point of view, questioning security assumptions, finding potential problems, proposing improvements, performing code reviews, defining testing expectations, and promoting secure development best practices from our offerings through to their related open source communities. In other words, you will represent the security needs of our customers to our offering teams, advocating and planning for a solid foundation of security architecture across the open source ecosystem.
What you will do
- Collaborate closely with various stakeholders to understand and drive adoption of Secure Software Development Framework practices and activities.
- Plan and execute threat modeling and security architecture review activities, presenting findings and driving their resolution.
- Understand current and emerging threats in the enterprise operating system space and how they apply to Red Hat platform products.
- Ensure that product roadmaps and new features mitigate risk, adhere to security policies, and provide customers with minimal security risk.
- Drive the development and implementation of security technologies and exploit mitigation techniques, teaching security best practices to development teams.
- Maintain security expertise and documentation of assigned Red Hat offerings, sharing these with other teams as needed.
- Promote Red Hat Product Security efforts within the upstream community and the greater public.
What you will bring
- Bachelor's degree in Computer Science/Engineering or equivalent/relevant work experience.
- Experience with and understanding of Secure Software Development Framework practices including DevSecOps practices
- Strong understanding of common security vulnerabilities and how to demonstrate and resolve them.
- Good understanding of Linux security technologies such as:
- Access control and authorization (e.g.: POSIX permissions, ACLs, SELinux, Linux kernel capabilities);
- Process isolation and sandboxing (e.g.: chroot, cgroups, Linux namespaces);
- Secure deployment and hardening best practices, network security.
- Proficient reading and understanding of one or more common programming languages, such as C/C++, Python, RUST, Go.
- Ability to code in at least one scripting language such as Python.
- Knowledge of and experience with modern container technologies and container orchestration solutions.
- Ability to learn new software architectures and desire to learn new software design concepts.
- Ability to perform risk assessments and evaluate vulnerabilities in their context (e.g. CIA model, probability and impact, risk acceptance) and be able to distinguish between actual risk vs perceived risk.
- Ability to collaborate in a fast-paced environment, with a multicultural team distributed across multiple countries and time zones.
- Good english communication (written and verbal) skills.
Desirable Skills:
- Practical experience with Threat Modeling methodologies and their application.
- Experience with open source security technologies and communities.
- Experience with Ethical Hacking and penetration testing.
- Strong knowledge and experience of Linux system administration.
- Red Hat specific certifications like RHCSA, RHCE and RHCA.
- Security certifications including CISSP, CISM, CSSLP, CISA.
- Familiarity with open source development as a business model.
- Relevant work experience with cloud technologies like AWS, Azure, etc.
- Experience securing multi-tenant cloud solutions offered as Software as a Service (SaaS) or Platform as a Service (PaaS).
- Domain expertise in CI/CD processes, software lifecycle and release engineering processes and associated tools.
#LI-DS2
#LI-REMOTE
Share on your newsfeed
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates have the flexibility to choose the work environment that suits their needs from in-office to fully remote to office-flex. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact. Opportunities are open. Join us.
Diversity, Equity & Inclusion at Red Hat
Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from diverse backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions of diversity that compose our global village.
Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.
