Product Security Architect - Red Hat Cloud Services
Full Time
Lavoro da casa
Posted
Job description
About the job:
The Red Hat Secure Development team is looking for a Product Security Architect to join us. In this role, you will work to improve the security posture of our offerings. Your main responsibility will be to perform security architecture reviews and threat modeling of our offerings throughout the development life cycle, in collaboration with Engineering and other Product Security teams, to make sure the expectations of our Secure Software Development Framework implementation are met. This process includes analyzing and documenting architecture from a security point of view, questioning security assumptions, finding potential problems, proposing improvements, performing code reviews, defining testing expectations, and promoting secure development best practices from our offerings through to their related open source communities. In other words, you will represent the security needs of our customers to our offering teams, advocating and planning for a solid foundation of security architecture across the open source ecosystem. Successful applicants must reside in a country where Red Hat is registered to do business.
What you will do:
- Collaborate closely with various stakeholders to understand and lead adoption of Secure Software Development Framework practices and activities
- Plan and carry out threat modeling and security architecture review activities, presenting findings and leading to their resolution
- Understand current and emerging threats in the enterprise cloud services space and how they apply to Red Hat’s cloud services offering
- Ensure that product roadmaps and new features mitigate risk, adhere to security policies, and provide customers with minimal security risk
- Guide the development and implementation of security technologies and exploit mitigation techniques, teaching security best practices to development teams
- Maintain security expertise and documentation of assigned Red Hat offerings, sharing these with other teams as needed
- Promote Red Hat Product Security efforts within the upstream community and the greater public
- Bachelor's degree in computer science, engineering, or equivalent field, or relevant work experience
- Experience with and understanding of Secure Software Development Framework practices, including DevSecOps practices
- Excellent understanding of common security vulnerabilities (e.g.: OWASP Top Ten) and how to demonstrate and resolve them
- Good understanding of Linux security technologies like access control and authorization (e.g., POSIX permissions, ACLs, SELinux, Linux kernel capabilities) and process isolation and sandboxing (e.g., chroot, cgroups, Linux namespaces)
- Experience with secure deployment and hardening best practices, network security
- Proficient reading and understanding of one or more common programming languages, like Go, Python, Java, C, or C++.
- Ability to code in at least one scripting language like Python
- Knowledge of and experience with modern container technologies and container orchestration solutions
- Ability to learn new software architectures and desire to learn new software design concepts
- Ability to perform risk assessments and evaluate vulnerabilities in their context (e.g. CIA model, probability and impact, risk acceptance)
- Ability to collaborate in a fast-paced environment, with a multicultural team distributed across multiple countries and time zones
- Very good English skills
The following will be considered a plus:
- Practical experience with Threat Modeling methodologies and their application
- Experience with open source security technologies and communities
- Experience with ethical hacking and penetration testing
- Solid knowledge and experience of Linux system administration
- Red Hat specific certifications like Red Hat Certified System Administrator (RHCSA), Red Hat Certified Engineer (RHCE), and Red Hat Certified Architect (RHCA)
- Security certifications including CISSP, CISM, CSSLP, CISA.
- Familiarity with open source development as a business model
- Relevant work experience with cloud technologies like AWS, Azure, etc.
- Experience securing multi-tenant cloud solutions offered as Software-a- a-Service (SaaS) or Platform-as-a-Service (PaaS)
- Domain expertise in continuous integration and continuous delivery (CI/CD) processes, software life cycle, and release engineering processes and associated tools
#LI-REMOTE #LI-DS2
bryanjabs.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, bryanjabs.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, bryanjabs.com is the ideal place to find your next job.