FreshRemote.Work

Senior Product Security Engineer

Boston

Senior Product Security Engineer - AI CVE Exploitability

At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

Job Summary
Red Hat Product Security is looking for an individual passionate about open source, security and AI development to join us as a Product Security Engineer. As a Product Security Engineer focused on the development of AI-based CVE exploitability analysis, you will test the accuracy of new AI models used to determine applicability and exploitability of incoming CVEs and analysis against Red Hat core platforms. Using open source principles every day, you will collaborate with our product engineering teams to improve the AI models and accuracy. You will utilize your understanding of security principles and standards as you compare the model with non-AI analysis.

Primary role responsibilities:

  • Understand industry practices and standards for assessing emerging vulnerability threats in the enterprise product space.

  • Conduct manual risk assessments of vulnerabilities for comparison.

  • Engage with AI engineering teams to test and validate model behavior and accuracy.

  • Consult with software developers and product teams on improved security architecture.

  • Contribute to customer-facing security documentation, reference, and other data as used by the common vulnerabilities and exposures (CVE) pages.

  • Promote Red Hat Product Security efforts within the community and the greater public. 

Required Skills:

  • Relevant knowledge in computer science/engineering or equivalent/relevant work experience.

  • Practical experience with AI models, neural networks, and generative tooling.

  • Strong understanding of common security vulnerabilities (e.g. OWASP Top Ten), including how to detect, demonstrate, mitigate and resolve them.

  • Proficiency in common programming languages like Go, Python, Java, C/C++, and the ability to learn new ones.

  • Knowledge and experience with modern container technologies: Kubernetes, OpenShift; comfortable with Docker/Linux containers.

  • Ability to work, with minimum supervision, in a fast-paced environment with a multicultural team distributed across multiple countries and time zones.  

  • Good communication and negotiation skills in English. Excellent collaboration skills and dedication as a teammate.

The following will be considered a plus:

  • Red Hat/Linux-specific certifications like RHCSA, RHCE, RHCA, etc. are favorable.

  • Security certifications including CISSP, CISM, CSSLP, CISA, etc. are appreciated.

  • Familiarity with open source software and open source as a business …


Job Profile

Regions

North America

Countries

United States

Restrictions

Located in the United States

Benefits/Perks

Bonus Collaboration Commission Comprehensive medical Dental Employee Assistance Program Employee Stock Purchase Employee stock purchase plan Equity Flexible Spending Flexible Spending Account Fully remote Global customer support Health savings account Inclusive environment Medical Paid parental leave Paid Time Off Parental leave Pay Transparency Remote-first company Retirement 401k Retirement 401k with employer match Tuition reimbursement Vision Vision coverage

Tasks
  • Conduct risk assessments
  • Customer support
  • Documentation
Skills

AI AI development AI models Analysis Architecture AWS Azure C C++ CI CI/CD Cloud Cloud Technologies Collaboration Communication Consulting Container Containers Container technologies Docker Documentation Go Healthcare IT Java Kubernetes Linux Linux containers Make Middleware Models Negotiation Neural Networks OpenShift Open Source Open Source Principles Open Source Software OWASP Policy Programming Programming languages Python Red Hat Release processes Risk assessments Security Security Architecture Security vulnerabilities Software Solutions Storage Training Virtualization Virtualization technologies

Education

AI Business Computer Science Engineering Equivalent IT Relevant Work Experience

Certifications

CISA CISM CISSP CSSLP RHCE RHCSA

Timezones

America/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9