Vulnerability Management Engineer

About the job

Red Hat Product Security is looking for a Product Security Engineer to join our global Vulnerability Management Team. Red Hat’s Vulnerability Management Team responds to threats in a predictable manner that reduces risk to Red Hat portfolio and customers. We do this by identifying, assessing & mitigating all potential vulnerabilities that impact our Products and Services portfolio, and then orchestrate our response, by coordinating with the stakeholders. In this role, you will work closely with the Vulnerability Remediation Engineers, Security Architects, Product Managers and Developers and a few customers of Red Hat, performing risk assessment of the vulnerabilities affecting Red Hat portfolio, and crafting the vulnerability metadata supporting our key stakeholders.

What you will do

• Respond to security vulnerabilities, weaknesses and incidents, within the Red Hat portfolio of Products and Services.

• Contribute to customer facing security documentation, reference, and other data as used by the Common Vulnerabilities and Exposures (CVE) pages.

• Research the impact of new flaws affecting Red Hat's offerings and communicate risk to stakeholders with different technical understanding, like senior leadership, engineers, architects, etc.

• Coordinate with key stakeholders internally and externally, as appropriate, ensuring an effective management of the vulnerabilities and the security incidents

• Contribute in the industry coordination working groups to shape the industry wide vulnerability disclosure and coordination standards as well as to adopt and implement those standards within the organization

What you will bring

• Experienced knowledge and understanding of Linux Operating System

• Proficiency in common programming languages like C/C++, Python, Java, Go

• Familiarity with Source Code Management tools like Git

• Strong understanding of security vulnerabilities including the confidentiality, integrity, and availability triad

• Significant experience in security technologies and methodologies like authentication and authorization, encryption, and risk assessments

• Ability to work on your own in a fast-paced environment with a multicultural team distributed across multiple countries and time zones

• Outstanding written and verbal communication skills in English

The following are considered are plus: 

• Knowledge and experience with modern container technologies: Kubernetes, Openshift; comfortable with Linux.

• Familiarity with open source software and open source as a business model.