Product Security Engineer

At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

Job summary

Red Hat Product Security is looking for a Product Security Engineer to join us in Pune, India. In this role, you will work closely with product managers and developers, conduct meaningful security audits, and handle the vulnerability response process from initial analysis to the release of errata. You’ll also help with security-related tasks like reactive security response, active hardening, and security auditing projects on Red Hat OpenShift solutions, projects, and tooling. This is a great opportunity to play an active role in container and virtualization-related projects and communities like KubeVirt, Kubernetes, Red Hat OpenShift, Red Hat OpenShift Service Mesh, and Istio.

Primary job responsibilities

  • Understand current and emerging threats in the enterprise product space with a focus on Istio, Red Hat OpenShift Service Mesh, containers, and Red Hat OpenShift solutions
  • Work with developers to provide guidance and help them understand and make use of security technologies, methodologies, and concepts
  • Communicate flaw information to software developers, managers, quality engineers, upstream project developers, and peers in the Red Hat Product Security team and the security teams of other projects and companies
  • Conduct well-documented security audits and threat analyses on Red Hat’s solutions with a primary focus on Red Hat OpenShift and KubeVirt
  • Identify, assist with, and develop tools used for code audits
  • Work with product management teams to empower developers to conduct audits of solutions
  • Manage work queues to minimize service level agreement (SLA) breaches

Required skills

  • Proficiency in programming languages such as Golang, JavaScript or Python, and the ability to learn new ones
  • Interest in the container ecosystem like Kubernetes and Red Hat OpenShift, Docker, gVisor, Azure, etc.
  • 2+ years of practical experience and understanding of security technology and methodology
  • 2+ years experience with and skills in debugging and analysis, especially using tools like GNU Debugger (GDB), Valgrind, strace, and other programming or system-level debuggers
  • Excellent organizational skills
  • Ability to work on your own in a fast-paced environment with a multicultural team distributed across multiple countries and time zones
  • Outstanding written and verbal communication skills in English

The following are considered are plus:

  • Knowledge of the Getting Things Done (GTD) productivity system
  • Familiarity with open source software development and business models
  • Experience with reverse engineering (RE) and security research
  • Practical experience with cloud-based technologies
  • Experience with Linux; system administration experience is a big plus

Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

Red Hat

Open source software company

Technology we use

Microsoft Azure