Key skills
AnsibleCloudOpenShiftPythonGoPodmanLeadershipProblem Solving
About this role
Role Overview
- Container Cryptography Audits & Strategy: Act as the primary technical owner for auditing Go-based cryptographic implementations within OpenShift and container runtimes (CRI-O, Podman).
- Identify and resolve cryptographic discrepancies where containerized applications fail to correctly leverage the host's FIPS or PQC providers.
- Act as the primary technical owner responsible for continuing the implementation and integration of Red Hat's cryptographic inventory tools (e.g., Crypto Scanner).
- Partner with the Principal Product Security Engineer to define and implement scanner policies for detecting cryptographic assets in our build pipelines.
- Work directly with pipeline and data teams to integrate these tools and produce a sustainable Cryptographic Bill of Materials (CBOM).
- Partner with product teams to integrate Merkle Tree Certificate support within the portfolio’s unified security fabric.
- Serve as the primary go-to technical consultant for product teams (like OpenShift, Ansible, and Middleware) navigating cryptographic migrations (e.g., PQC, FIPS).
- Consult directly with engineers to help them audit their code, understand their dependencies (e.g., python-cryptography), and build migration plans that align with the portfolio-wide policy.
- Enable other teams by creating documentation, best-practice guides, and office hours to scale your expertise.
- Define the functional requirements for and partner on the integration of new cryptographic tools, such as runtime instrumentation for core libraries.
- Track and manage critical cryptographic dependencies across the portfolio, working with RHEL Security and other teams to resolve blockers and ensure the successful, sequential delivery of modern crypto capabilities.
Requirements
- Multi-Language Technical Expertise: Deep, hands-on experience in Go and Python is required.
- Applied Cryptography and PKI: Broad knowledge in applied cryptography (PKI, TLS, digital signatures).
- Strong understanding of modern cryptographic challenges, including Post-Quantum Cryptography (PQC).
- Container & Cloud-Native Security: Strong understanding of OCI specifications and how container runtimes interact with cryptographic hardware (HSMs) or kernel-level providers.
- Project Ownership: Proven experience owning and delivering complex, cross-team technical projects from design to completion.
- Collaborative Leadership: A track record of building relationships across teams and acting as a recognized go-to person.
- Problem Solving: Strong analytical skills to diagnose complex dependencies and technical blockers in a large-scale software portfolio.
- Bonus Skills: Previous experience contributing to or maintaining core cryptographic libraries or security-focused Go projects.
- Familiarity with SPIFFE/SPIRE or Sigstore/Cosign.
- Experience with Merkle Tree implementations or binary-level runtime analysis.
- Familiarity with FIPS validation processes in virtualized/containerized environments.
Tech Stack
- Ansible
- Cloud
- OpenShift
- Python
- Go
Benefits
- Comprehensive medical, dental, and vision coverage
- Flexible Spending Account
- healthcare and dependent care
- Health Savings Account
- high deductible medical plan
- Retirement 401(k) with employer match
- Paid time off and holidays
- Paid parental leave plans for all new parents
- Leave benefits including disability, paid family medical leave, and paid military leave
- Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!