Product Security Engineer Incident Response Team (EMEA)

Join Red Hat Product Securitys Vulnerability Management Team in EMEA as a Product Security Engineer. As a vital member of Red Hat Product Securitys Vulnerability Management team you will act as a frontline defender protecting our customers and the open-source this role you will manage the full lifecycle of reported vulnerabilities with a primary focus on publicly disclosed Common Vulnerabilities and Exposures (CVE). By combining technical expertise in Red Hats product dependencies with a deep understanding of business risk you will lead rapid assessments coordinate cross-functional engineering teams and craft essential vulnerability metadata. We are looking for a sharp problem-solver passionate about swift risk mitigation to help define our response strategy and ensure our software remains resilient against an ever-changing threat landscape.

Our role is open as onsite/hybrid in our offices (Milan Brno Waterford Barcelona Madrid Dublin Cork) or remote in Poland Italy Portugal Spain Czech Republic Ireland.

What you will do

• Manage and provide timely response to publicly disclosed security vulnerabilities (CVEs) and incidents across Red Hat software Fedora and other OSS projects.
• Maintain secure products and components to minimize customer impact and exposure to vulnerabilities and exploitations within internal SLAs.
• Lead coordination efforts with cross-functional teams (e.g. Engineering Product Management Content Team) to ensure timely accurate and consistent remediation and communication for all assigned public CVEs
• Understand the full lifecycle of Red Hat products including where product metadata is maintained and how to update it within custom Product Security Tools
• Reverse engineer and create reproducers of vulnerabilities affecting code and articulate how it can or cannot be mitigated to the appropriate audience.
• Contribute to customer-facing security documentation references and data including CVE pages and metadata.

What you will bring

• Must have 4 years of experience with at least one Red Hat product (e.g. Red Hat Enterprise Linux OpenShift Ansible etc.) OR significant experience working on a complex enterprise Linux distribution large-scale open-source software project or modern container platform (e.g. Kubernetes)
• Proficiency in common programming languages like C/C Python Java Go and familiarity with Source Code Management tools like Git
• Strong knowledge of application security concepts such as OWASP Top 10 bug types CWE CVSS scoring
• Proven ability to independently coordinate complex security responses with globally distributed cross-functional teams in a fast-paced environment
• Understanding of how AI/ML technologies intersect with software security and vulnerability analysis

The following are considered are plus:

• 4 years of experience in cybersecurity incident management and coordination and/or with delivering technology-related software
• Bachelors degree in a technical field. Industry certifications like CISSP CSSLP CISA/CISM OSCP CEH Comptia Security or GIACare a plus.
• Knowledge and experience with modern container technologies (Kubernetes OpenShift); comfortable with docker/Linux containers.

About Red Hat

Red Hat is the worlds leading provider of enterprise open source software solutions using a community-powered approach to deliver high-performing Linux cloud container and Kubernetes technologies. Spread across 40 countries our associates work flexibly across work environments from in-office to office-flex to fully remote depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas no matter their title or tenure. Were a leader in open source because of our open and inclusive environment. We hire creative passionate people ready to contribute their ideas help solve complex problems and make an impact.

Inclusion at Red Hat
Red Hats culture is built on the open source principles of transparency collaboration and inclusion where the best ideas can come from anywhere and anyone. When this is realized it empowers people from different backgrounds perspectives and experiences to come together to share ideas challenge the status quo and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access and that all voices are not only heard but also celebrated. We hope you will join our celebration and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.

Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race color religion sex sexual orientation gender identity national origin ancestry citizenship age veteran status genetic information physical or mental disability medical condition marital status or any other basis prohibited by law.

Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for and will not pay any fees commissions or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application email . General inquiries such as those regarding the status of a job application will not receive a reply.