Principal Product Security Engineer

Job Description

Principal Product Security EngineerLocation Remote India New DelhiPosting date 18 hours ago(3/29/2021 4:42 AM) Job summary The Red Hat Products and Technologies Customer Experience and Operations (PnT CXnO) team is looking for an experienced Principal Product Security Engineer to join the Red Hat Product Security Incident Response Team [PSIRT] in India, preferably in Pune. In this role, you will perform analysis and collaborate with other Red Hat engineers to ensure that Red Hat continues to protect customers from meaningful security concerns. You will process tasks assigned to virtualization technologies like QEMU or KVM shipped with Red Hat Enterprise Linux (RHEL) and fully analyze and assess risks, and track resolutions. Youll help us reduce the risk to customers using our offerings by constantly monitoring for vulnerabilities and threats, triaging their impact on our customers, and addressing those that matter the most quickly. Youll handle and prevent security vulnerabilities in Red Hats offerings and services. Youll represent the security needs of users within emerging technologies, processes, and offerings, advocating and planning for a solid foundation of security within these efforts. Primary job responsibilities

• Provide detailed analysis of security issues
• Prioritize tasks to ensure that critical vulnerabilities get immediate attention
• Communicate flaw information with our software developers, managers, quality engineers, upstream project developers, and peers on vendor security response teams
• Document vulnerabilities, flaws, mitigation, and their fixes through the entire update release life cycle in the teams knowledge base
• Ensure proper customer facing documentation, reference, and other data as used by the common vulnerabilities and exposures (CVE) pages
• Coordinate with upstream communities and vendors for embargoed bugs, their patches, and common release dates
• Understand current and emerging threats in the enterprise product space
• Promote Red Hat Product Security efforts within the community and greater public
• Engage with development teams to promote security aware development of Red Hat technologies and solutions

Required skills

• Bachelors degree in computer science, engineering, or equivalent work experience
• Solid knowledge and experience of Linux system administration
• Good understanding of the Linux virtualization software stack e.g., KVM, QEMU, and libvirt
• Experience with debugging and analysis, using tools like the GNU Debugger (GDB), Valgrind, strace, and other programming or system-level debuggers
• Understanding of Linux security technologies and product security experience
• Proficiency in low level programming languages (C, x86_64 assembly language) and low or Kernel level programming
• Understanding of the x86_64 architecture e.g., basic concepts plus hardware assisted virtualization
• Ability to work in a fast-paced environment with a multicultural team distributed across multiple countries and time zones
• Solid communication, collaboration, and negotiation skills
• Ability to work with minimum supervision

The following are considered a plus:

• Active contribution to open source projects like Fedora.
• Red Hat or Linux specific certifications like Red Hat Certified System Administrator (RHCSA), Red Hat Certified Engineer (RHCE), or Red Hat Certified Architect (RHCA)
• Working knowledge of continuous integration (CI) or continuous delivery (CD) processes, software life cycle release processes and its tools
• Ability to quickly learn new technologies and solutions
• Understanding of modern container technologies: Kubernetes, OpenShift; deep knowledge in docker or Linux containers
• Proficiency in non-x86 assembly language e.g., ARM, PPC
• Understanding of other machine architectures e.g., ARM, PPC

#LI-REMOTE About Red Hat Red Hat is the world s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.OptionsApplyApplyShareSorry the Share function is not working properly at this moment. Please refresh the page and try again later.Share on your newsfeed,

Keyskills :
open source softwarered hat enterprise linuxnetworkingsecurity incident responsefirewallidscustomer relationsred hat certified engineerpenetration testinglow level programmingred hat certified engineer rhce