Red Hat is a leading provider of enterprise open source software solutions, and they are seeking a knowledgeable and proactive Product Security Engineer to achieve their security and compliance objectives. The role involves ensuring the security and compliance of systems, leading technical discussions, and supporting continuous improvement through automation.
Responsibilities:
- Responsible for the security and compliance of systems related to our Sovereign Commercial and FedRAMP environments
- Comfortable leading technical discussions across multi-functional engineering teams and third-party auditors
- Support the continuous improvement of the Red Hat environments through automation and maturation of processes
- Support the downstream integration of open-sourced projects; collaborate to develop and implement Red Hat-specific capabilities from the upstream
- Research and analyze new tools, technologies and services for technical suitability within a containerized environment
- Serve as an evangelist of security and compliance both inside Red Hat and externally, with partners or within the open-source community
Requirements:
- Experience supporting systems in obtaining an Authorization through the FedRAMP or RMF process
- Knowledge of cloud security practices and technologies
- Experience securing and supporting compliance efforts in cloud environments
- Proven track record of being effective when working remotely and in a self-directed capacity
- Strong communication skills; capable of presenting technical compliance concepts to both technical and non-technical audiences
- Experience with AI-assisted development tools like Claude, Cursor, etc.
- U.S. Citizen
- Ability to analyze security controls, assess risks, and design control measures in alignment with FedRAMP standards
- Experience working with Kubernetes, OpenShift, or similar technologies
- Experience with programming, scripting and markup languages, such as Go, Python, and XML, as well as automation tools
- Familiarity with cloud service provider environments (e.g., AWS, Azure) and relevant security tools (e.g., vulnerability management)
- Experience with a FedRAMP 20-X pilot program
- Experience with open-source software
- Relevant certifications, such as CISSP, CISM, CCSP, or CISA, are a plus