Senior Product Security Engineer - Vulnerability Management (EMEA)

Join Red Hat Product Security's Vulnerability Management Team in EMEA as a Senior Product Security Engineer. You will be vital in protecting our customers and the open source community from security risks. This role focuses on the critical incident management and coordination of high-profile Customer Security Awareness (CSAw) events impacting Fedora and other Open Source Software (OSS) projects. If you are passionate about open source, security, and swift risk mitigation, you will lead the timely remediation and disclosure of significant flaws. You will need sharp problem-solving skills to coordinate cross-functional teams, perform rapid risk assessments, and craft essential vulnerability metadata. Be a driving force in defining our vulnerability response strategy and ensuring alignment with the EU Cyber Resilience Act (CRA).

What you will do

• Manage and provide timely response and disclosure of security vulnerabilities and incidents across Red Hat software, Fedora, and other OSS projects.
• Ensure Red Hat Product Security processes and disclosures align with the EU Cyber Resilience Act (CRA) and other relevant regulations.
• Conduct in-depth risk assessments on vulnerabilities in Red Hat OSS projects and communicate risks effectively to diverse stakeholders (engineers, architects, senior leadership).
• Contribute to customer-facing security documentation, references, and data, including Common Vulnerabilities and Exposures (CVE) pages and metadata.
• Provide technical leadership, mentor junior engineers, and drive continuous improvement in vulnerability management practices (e.g., contributing to SBOM generation).
• Actively participate in relevant OSS working groups to shape and implement industry standards for vulnerability disclosure and coordination.

What you will bring

• Demonstrated ability to build and maintain strong relationships and foster collaboration, trust, and accountability with key stakeholders and within Open Source communities.
• Ability to manage stressful situations effectively, using quick, agile thinking, strong problem-solving, and relationship management to guide incident resolution.
• Expert knowledge and practical understanding of the Linux Operating System.
• Proven expertise in security vulnerabilities, risk assessment, and the Confidentiality, Integrity, and Availability (CIA) triad.
• Strong change management skills to identify, track, and implement improvements for continuous enhancement of incident response following security events.
• Ability to work effectively and autonomously in a demanding, fast-paced, and culturally diverse environment across multiple time zones.
• Exceptional professional written and verbal communication skills in English.

The following are considered are plus:

• Active participation and contributions to the Fedora OSS project.
• Familiarity with open source software principles and business models.
• 6+ years of experience in cybersecurity incident management and coordination and/or with delivering technology-related software
• Bachelor’s degree in a technical field. Industry certifications like CISSP, CSSLP, CISA/CISM, PMP are a plus.
• Experience with data analysis, gap analysis, and professional presentation skills.
• Knowledge and experience with modern container technologies (Kubernetes, OpenShift); comfortable with docker/Linux containers.

About Red Hat

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.

Inclusion at Red Hat
Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.

Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.