Security Community and Compliance Architect (EMEA)

Red Hat

Job Location: Dublin - Ireland

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Are you ready to shape the future of open source security, turning global regulations like the European Union's Cyber Resilience Act (CRA) into a catalyst for upstream community excellence? The CRA marks a definitive turning point in the governance of the global software supply chain, shifting open source from best-effort security to a regulated environment. Red Hat is seeking a Security Community Architect to join the Open Source and AI Program Office (OSAIPO) and lead this transformation.

Starting with Linux and beyond to hybrid cloud and AI, Red Hat works with upstream open source communities to make enterprise-ready software that's hardened, tested, and securely distributed. We've spent more than two decades collaborating on community projects so we can continue to develop software that pushes the boundaries of technological ability.

Are you a diplomat, technologist, and strategist who can navigate the complex intersection of global regulation and open source governance? In this pivotal role, you will act as the primary bridge between Red Hat's Product Security, Legal, and Engineering teams and the upstream communities we steward, e.g. Fedora and Ansible. This is not about checking compliance boxes. You will accelerate and implement Red Hat Champion Stewardship, helping maintainers adopt pragmatic security policies, Coordinated Vulnerability Disclosure (CVD) workflows, and supply chain standards (SBOMs, OSPS, SLSA) without stifling innovation.


While the CRA is the immediate catalyst, your mandate extends far beyond regulatory adherence to focus on the long-term health and vitality of our ecosystems, actively nurturing the security posture of our upstream communities, collaborating with Product Security and the OSAIPO Data Team to integrate best-of-breed tools and practices into our upstream-first culture.

At Red Hat, our commitment to open source innovation extends beyond our products - it's embedded in how we work and grow. Red Hatters embrace change, especially in our fast-moving technological landscape, and have a strong growth this role you will have the opportunity to proactively, thoughtfully, and ethically use AI to simplify your work, cut complexity, and boost efficiency.

This position may require some international travel.

What you will do

  • Conduct security practice reviews and gap analyses for identified open source projects (e.g. Ansible, Fedora, and 15 other projects as the starting point) to help create a tailored CRA Readiness Roadmap that aligns with the project's existing governance and Red Hat Stewardship Guidelines.
  • Collaborate with community maintainers to draft, socialize, and publish verifiable security policies (CVD, IRP, etc.) and artifacts, drive adoption of security tools (e.g. to produce consistent, accurate SBOMs), and integration of security practices (like OSPS, SLSA).
  • Serve as the primary CRA contact, educating maintainers on the benefits of CRA while adhering to our community-first principles, ensuring requirements are pragmatic and developer-centric. Collaborate with different stakeholders (Product Security, Legal, Engineering, etc.) to develop resources and training materials that promote secure open source development and upstream engagement best practices.
  • Monitor for and analyze global security regulatory and standards developments impacting open source communities, starting with CRA implementing acts but then expanding to other regulations.
  • Work with multiple stakeholder teams (such as Product Security, Engineering, Emerging Technologies) to map and rationalize Red Hat's community commitments in key security-related projects. You will identify upstream communities germane to our security strategy and ensure they have the appropriate vitality and level of participation.
  • Cultivate our presence and reputation in security-related organizations (e.g. OpenSSF, Eclipse, Standards Bodies) and relevant industry events (e.g. KubeCon), help to exercise or sponsor benefits and support execution.
  • Work with our engineering, legal, security, communications, product, and recruiting teams to turn security-related contributions into powerful stories that demonstrate the strength of open source and position Red Hat as a Champion Open Source Stewardship and beyond.

What you will bring

  • Familiarity with the evolving global regulation landscape regarding open source (such as the CRA) and an understanding of key organizations involved in standardization and security tooling (e.g. OpenSSF, ISO, Eclipse).
  • Knowledge of the security landscape, including Zero Trust, software supply chain security, vulnerability management (CVD/CVE), incident response (IR), and secure software development lifecycles (e.g. standards like OSPS, SSDF).
  • Proven experience participating in open source software development, with a deep understanding of community governance and the unique ability to motivate volunteers and negotiate consensus without direct authority.
  • Strong organizational skills to manage complex, multi-year projects (short-term pilots vs. long-term cultural shifts) while effectively collaborating with internal stakeholders to prioritize resources.
  • Exceptional written, verbal, and presentation skills, ranging from drafting technical documents to translating policy for engineering to driving social media engagement, with a desire to continuously refine how you tell the story of secure open source.
  • Familiarity with the modern cloud native stack, including Linux-based developer tools, Continuous Integration (CI) systems, containers, and Kubernetes, enabling you to speak the same language as maintainers.
  • Experience with the modern AI stack, including how tools like Claude, Gemini, or Cursor can be used in daily practice for speeding up both technical and non-technical tasks.
  • Experience working with communities like OpenSSF, CNCF, and OWASP to scout new strategic opportunities and manage a 360-degree view of our engagements, from evaluating sponsorships to events support to fostering the next generation of secure open source technologies.

About Red Hat

Red Hat is the world's leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40 countries, our associates work flexibly across work environments, from in-office to office-flex to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.

Inclusion at Red Hat
Red Hat's culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.

Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.


Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.


Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application email . General inquiries, such as those regarding the status of a job application, will not receive a reply.


Required Experience:

Staff IC

About Company

We revolutionized the operating system with Red Hat® Enterprise Linux®. Now, we have a broad portfolio, including hybrid cloud infrastructure, middleware, agile integration, cloud-native application development, and management and automation solutions. With Red Hat technologies, compa ...