• Offensive Security Engineer - Product Security

    Location AU-Remote
    Posting date 3 weeks ago (1/29/2019 8:46 AM)
    Job ID 66403
    Category Software Engineering
  • Company Description

    At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

    Job summary

    The Red Hat Product Security team is looking for an Offensive Security Engineer to join us in Australia. Our mission is to advance the open source security landscape by collaborating with communities of customers, contributors, and partners to protect people against privacy and security risks. In this role, you will make our mission your own. You will work closely with product engineering and the open source community to find vulnerabilities in our hosted products and service offerings, question the security assumptions of our offerings, and demonstrate real attacks. You will collaborate with security engineers to verify threat models and to address identified vulnerabilities. Your work will be essential to the success and growth of our solutions portfolio by ensuring consistent security standards and verification of the same through scanning, penetration testing, and code auditing. As an Offensive Security Engineer, you’ll need to be passionate about open source and security. Successful applicants must reside in a country where Red Hat is registered to do business.

    Primary job responsibilities

    • Conduct methodical and well-structured source code analyses, producing solid artifacts demonstrating coverage and developing uncovered vulnerabilities into real attacks against real environments
    • Design and implement tooling and frameworks for automated testing and vulnerability discovery and schedule automated testing activities and reviews
    • Carry out offensive testing, such as red teaming or penetration testing, of hosted products using existing and custom-made tooling, and deliver detailed and actionable reports, following issues through to remediation
    • Actively engage in upstream open source software communities to guide good security practices and identify issues early in the pipeline

    Required skills

    • Deep understanding of software vulnerabilities and exploitation from low-level memory safety to high-level business logic in web frameworks
    • Proficiency using and understanding current state-of-the-art techniques in security scanners, static code analyzers, fuzz-testing, and debugging tools
    • Solid understanding of Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), and Platform-as-a-Service (PaaS) cloud technology paradigms
    • Solid understanding of Linux at both the system internals and user tool chain levels, particularly of RHEL
    • Proficiency in multiple programming languages with a focus on Golang, Python, and C
    • Solid understanding of the x86 architecture; knowledge of ARM architecture is a plus
    • Excellent written and verbal communication skills in English
    • Prior knowledge of Red Hat OpenShift Container Platform and relevant security topics is a major plus
    • Record of finding and responsibly disclosing vulnerabilities is a plus


    Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.


    Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

     
