Australia – Telecommute
Job ID: 68247
Category: Software Engineering
At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.
The Red Hat Product Security team is looking for an Offensive Security Engineer to join us in Australia. Our mission is to advance the open source security landscape by collaborating with communities of customers, contributors, and partners to protect against privacy and security risks. In this role, you will make our mission your own. You will work closely with the product engineering team and the open source community to find vulnerabilities in our hosted products and service offerings, question the security assumptions of our offerings, and demonstrate real attacks. You will collaborate with security engineers to verify threat models and to address identified vulnerabilities. Your work will be essential to the success and growth of our solutions portfolio by ensuring consistent security standards and verification of the same through scanning, penetration testing, and code auditing. As an Offensive Security Engineer, you should be passionate about open source and security. Successful applicants must reside in a country where Red Hat is registered to do business.
Primary Job Responsibilities:
Conduct methodical and well-structured source code analyses, producing artifacts demonstrating coverage and developing uncovered vulnerabilities into real attacks against real environments
Design and implement tooling and frameworks for automated testing and vulnerability discovery; plan and schedule automated testing activities and reviews
Carry out offensive red team testing and pen testing of hosted offerings using existing and custom-made tooling, and deliver detailed and actionable reports, following issues through to remediation
Engage in the upstream open source software communities to drive good security practices and identify issues early in the pipeline
Deep understanding of software vulnerabilities and exploitation from low-level memory safety to high-level business logic in web frameworks
Proficiency in using, and understanding of, the current state-of-the-art techniques in security scanners, static code analyzers, fuzz-testing, and debugging tools
Solid understanding of container technologies and relevant communication interfaces like Red Hat OpenShift, Kubernetes, etc.
Solid understanding of Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), and Platform-as-a-Service (PaaS) cloud technology paradigms
Good understanding of Linux at both the system internals and user tool chain levels, particularly of Red Hat Enterprise Linux (RHEL)
Proficient across multiple programming languages with a focus on Golang, Python, and C
Solid understanding of the AMD64 architecture; understanding of the ARM architectures is a plus
Excellent written and verbal communication skills in English
Record of the ability to find and responsibly disclose vulnerabilities is a plus
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions,…