Red Hat Offensive Security Engineer - Product Security in Raanana, Israel

Company Description

At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

Job summary

The Red Hat Product Security team is looking for an Offensive Security Engineer to join us in Ra'anana Israel. In this role, you will help us advance the open source security landscape by collaborating with communities of customers, contributors, and partners to protect against privacy and security risks. You’ll work closely with product engineering and the open source community to find vulnerabilities in our hosted and service offerings, question the security assumptions of our offerings, and demonstrate real attacks. As an Offensive Security Engineer, you will collaborate with security engineers to verify threat models and to address identified vulnerabilities. Your work will be essential to the success and growth of our solutions portfolio by ensuring consistent security standards and verification of the same through scanning, penetration testing, and code auditing. Successful applicants must reside in a country where Red Hat is registered to do business.

Primary job responsibilities

  • Conduct methodical and well-structured source code analyses producing solid artifacts, demonstrating coverage, and developing uncovered vulnerabilities into real attacks against real environments

  • Design and implement tooling and frameworks for automated testing and vulnerability discovery, and plan and schedule automated testing activities and reviews

  • Carry out offensive testing (including red team and pen-testing) of hosted offerings using existing and custom-made tooling; deliver detailed and actionable reports following issues through to remediation

  • Be actively engaged in upstream open source software communities to guide good security practices and identify issues early in the pipeline

Required skills

  • Deep understanding of software vulnerabilities and exploitation

  • Knowledge of low-level memory safety up to high-level business logic in web frameworks

  • Proficiency using and understanding the current state of the art techniques in security scanners, static code analyzers, fuzz-testing, and debugging tools

  • Solid understanding of Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), and Platform-as-a-Service (PaaS) cloud technology paradigms

  • Solid understanding of Linux at both the system internals and user toolchain levels, particularly Red Hat Enterprise Linux (RHEL)

  • Proficient across multiple languages with a focus on Golang, Python, and C

  • Solid understanding of the AMD64 architecture; familiarity with ARM architectures is a plus

  • Excellent written and verbal communication skills in English

  • Prior knowledge of Red Hat OpenShift Container Platform and relevant security topics are a plus

  • Record of finding and responsibly disclosing vulnerabilities is a plus

Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

Job ID 68251

Category Software Engineering