Principal Software Engineer - Security

About the job

The Red Hat Product Security team is looking for a Software Engineer. In this role, you will work as part of a team responsible for the development and maintenance of applications that generate vulnerability metadata (published in standardized formats such as CSAF VEX or OVAL) for our customers and 3rd party scanning vendors. You will work on establishing a software component registry to enable governance of components making up our products. All applications are mostly backend-heavy and written in Python.

In this role, you will be a part of a small team (~10 developers) whose focus is on crafting highly usable tools, services, and solutions. You will frequently have to solve challenging data problems, be comfortable with learning new technologies when the need arises, and collaborate with other team 

members to align on a common vision for the entire application portfolio.

What you will do

- Design and develop a registry for tracking software components in our products (example: create a manifest for RHEL).

- Design and develop tooling to generate a SBOM for our products.

- Design and develop API for querying our software component registry by internal teams (example: can component X in version Y be used to build Z? What is the license of component X in version Y?)

- Improve and maintain CI/CD pipelines of applications deployed in various environments (example: improving automated deployment to an OpenShift cluster).

- Serve as an adviser to our stakeholders on process-related inquiries (example: advise on data model for storing CVE which impact component X).

- Continuously improve the process of Red Hat's software delivery (example: suggest/implement automation for legal approval of components in the registry).

What you will bring

- Advanced (5+ years) knowledge of the Python programming language and its ecosystem

- Intermediate (3+ years) experience with Linux system administration

- Intermediate (3+ years) with relational databases (PostgreSQL)

- Interest in the container ecosystem (that is, Kubernetes, Red Hat OpenShift, Docker, Podman)

- Well versed with agile methodologies and comfortable with rapid iteration and fast delivery

- Good understanding of system architecture

- Good written and verbal communication skills in English

Nice to have

Any hands-on experience with the following tools and technologies is not required, but interacting with them will be a part of your daily job responsibilities:

- Django, Celery, JavaScript/HTML/CSS

- Ansible, OpenShift

- GitLab CI

The salary range for this position is $135,370 to $179,350. Actual offer will be based on your qualifications.