Join Red Hat Product Security's Vulnerability Management Team in EMEA as a Senior Product Security Engineer. You will be vital in protecting our customers and the open source community from security risks. This role focuses on the critical incident management and coordination of high-profile Customer Security Awareness (CSAw) events impacting Fedora and other Open Source Software (OSS) projects. If you are passionate about open source, security, and swift risk mitigation, you will lead the timely remediation and disclosure of significant flaws. You will need sharp problem-solving skills to coordinate cross-functional teams, perform rapid risk assessments, and craft essential vulnerability metadata. Be a driving force in defining our vulnerability response strategy and ensuring alignment with the EU Cyber Resilience Act (CRA).
What you will do
1. Manage and provide timely response and disclosure of security vulnerabilities and incidents across Red Hat software, Fedora, and other OSS projects.
2. Ensure Red Hat Product Security processes and disclosures align with the EU Cyber Resilience Act (CRA) and other relevant regulations.
3. Conduct in-depth risk assessments on vulnerabilities in Red Hat OSS projects and communicate risks effectively to diverse stakeholders (engineers, architects, senior leadership).
4. Contribute to customer-facing security documentation, references, and data, including Common Vulnerabilities and Exposures (CVE) pages and metadata.
5. Provide technical leadership, mentor junior engineers, and drive continuous improvement in vulnerability management practices (e.g., contributing to SBOM generation).
6. Actively participate in relevant OSS working groups to shape and implement industry standards for vulnerability disclosure and coordination.
What you will bring
7. Demonstrated ability to build and maintain strong relationships and foster collaboration, trust, and accountability with key stakeholders and within Open Source communities.
8. Ability to manage stressful situations effectively, using quick, agile thinking, strong problem-solving, and relationship management to guide incident resolution.
9. Expert knowledge and practical understanding of the Linux Operating System.
10. Proven expertise in security vulnerabilities, risk assessment, and the Confidentiality, Integrity, and Availability (CIA) triad.
11. Strong change management skills to identify, track, and implement improvements for continuous enhancement of incident response following security events.
12. Ability to work effectively and autonomously in a demanding, fast-paced, and culturally diverse environment across multiple time zones.
13. Exceptional professional written and verbal communication skills in English.
The following are considered are plus:
14. Active participation and contributions to the Fedora OSS project.
15. Familiarity with open source software principles and business models.
16. 6+ years of experience in cybersecurity incident management and coordination and/or with delivering technology-related software
17. Bachelor’s degree in a technical field. Industry certifications like CISSP, CSSLP, CISA/CISM, PMP are a plus.
18. Experience with data analysis, gap analysis, and professional presentation skills.
19. Knowledge and experience with modern container technologies (Kubernetes, OpenShift); comfortable with docker/Linux containers.
About Red Hat
is the world’s leading provider of enterprise software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.
Inclusion at Red Hat
Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.
Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.
Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email. General inquiries, such as those regarding the status of a job application, will not receive a reply.