Description:
The Red Hat Product Security (PSRD) team is looking for an experienced Senior Product Security Engineer to join us remotely or onsite in EMEA countries. In this role, you will be a key designer and engineer focused on building, enhancing, and expanding our security automation capabilities. You will develop the critical tooling that our teams use to perform security scanning (like SAST and DAST), verify business processes, and proactively identify risks across Red Hat's entire portfolio and software supply chain. If you are passionate about building secure, scalable automation and want to make a significant impact on the open source software that powers the enterprise, this role is for you.
Our role is open as onsite/hybrid in our offices or remote in Poland, Portugal, Czech Republic, Ireland.
What you will do
- Lead the design, development, and maintenance of automation for critical product security processes.
- Expand the capabilities of our existing scanning infrastructure (SAST, DAST, etc.) to cover new products, new languages, and emerging types of risk.
- Build and integrate security tools into our CI/CD pipelines to provide continuous feedback to engineers and proactively mitigate risks.
- Collaborate with other Product Security engineers and product teams to understand their needs and build robust, scalable solutions that make their work more efficient and effective.
- Serve as a subject matter expert on security automation and tooling, guiding other engineers and helping to shape our technical strategy.
- Proactively identify new opportunities for automation to reduce manual effort, improve security coverage, and secure our software supply chain.
- Work with upstream open source communities to contribute to, and leverage, new and existing security tooling.
- Document the automation you build to ensure it is maintainable, well-understood, and usable by the wider team.
What you will bring
- Practical experience in building and maintaining automation, preferably for security functions.
- A solid understanding of one or more scripting or programming languages (like Python, Go, or Bash).
- Familiarity with CI/CD principles and tools. Experience with Tekton or Ansible Automation Platform is a significant plus.
- A good understanding of Linux fundamentals and how to operate in a Linux-based environment.
- Knowledge of container technologies (like Docker, Kubernetes, or Red Hat OpenShift) and their security considerations.
- Familiarity with security scanning tools and concepts (SAST, DAST, vulnerability scanning, etc.).
- Experience using AI-powered tools (like code assistants or analysis tools) to improve your workflow is a plus.
- The ability to work independently, manage your own tasks, and provide technical guidance to more junior team members.