Senior Product Secuirty Engineer

Senior Product Security Engineer - AI CVE Exploitability

At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

Job Summary
Red Hat Product Security is looking for an individual passionate about open source,  security and AI development to join us as a Product Security Engineer.  As a Product Security Engineer focused on the development of AI based CVE exploitability analysis, you will test the accuracy of new AI models used to determine applicability and exploitability of incoming CVEs and analysis against Red Hat core platforms. Using open source principles every day, you will collaborate with our product engineering teams to improve the AI models and accuracy. You will utilize your understanding of security principles and standards as you compare the model with non-AI analysis.  

Primary role responsibilities:

• Understand industry practices and standards for assessing emerging vulnerability threats in the enterprise product space.

• Conduct manual risk assessments of vulnerabilities for comparison

• Engage with AI engineering teams to test and validate model behavior and accuracy

• Consult with software developers and product teams on improved security architecture..

• Contribute to customer facing security documentation, reference, and other data as used by the common vulnerabilities and exposures (CVE) pages.

• Promote Red Hat Product Security efforts within the community and the greater public. 

Required Skills:

• Relevant knowledge in computer science/engineering or equivalent/relevant work experience.

• Practical experience with AI models, neural networks, and generative tooling

• Strong understanding of common security vulnerabilities, (e.g. OWASP top ten) including how to detect, demonstrate, mitigate and resolve them. 

• Proficiency in common programming languages like Go, Python, Java, C/C++,  and the ability to learn new ones.

• Knowledge and experience with modern container technologies: Kubernetes, Openshift; comfortable with docker/Linux containers.

• Ability to work, with minimum supervision, in a fast-paced environment with a multicultural team distributed across multiple countries and time zones.  

• Good communication and negotiation skills in English. Excellent collaboration skills and dedication as a teammate.

The following will be considered a plus:

• Red Hat/Linux specific certifications like RHCSA, RHCE, RHCA etc are favorable.

• Security certifications including CISSP, CISM , CSSLP, CISA etc are appreciated.

• Familiarity with open source software and open source as a business model.

• Relevant work experience with cloud technologies like AWS, Azure, etc.

• Have domain expertise in CI/CD processes, SW lifecycle release processes and its tools.

#LI-JC1

The salary range for this position is $144,660.00 - $238,650.00. Actual offer will be based on your qualifications.

Pay Transparency

Red Hat determines compensation based on several factors including but not limited to job location, experience, applicable skills and training, external market value, and internal pay equity. Annual salary is one component of Red Hat’s compensation package. This position may also be eligible for bonus, commission, and/or equity. For positions with Remote-US locations, the actual salary range for the position may differ based on location but will be commensurate with job duties and relevant work experience. 

About Red Hat

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.

Benefits
●    Comprehensive medical, dental, and vision coverage
●    Flexible Spending Account - healthcare and dependent care
●    Health Savings Account - high deductible medical plan
●    Retirement 401(k) with employer match
●    Paid time off and holidays
●    Paid parental leave plans for all new parents
●    Leave benefits including disability, paid family medical leave, and paid military leave
●    Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more! 

Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States. 

Diversity, Equity & Inclusion at Red Hat
Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from diverse backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions of diversity that compose our global village.

Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email application-assistance@redhat.com. General inquiries, such as those regarding the status of a job application, will not receive a reply.