• Threat Model Engineer

    Location US-Remote
    Posting date 2 weeks ago
    Job ID
    Information Technology, Software Engineering
  • Company description

    At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

    Job summary

    The Red Hat Product Security team is looking for an engineer who's passionate about open source, security, and risk management to join us as a Threat Model Engineer in North America. In this role, you will work closely with product engineering teams to investigate and document architecture, security assumptions, and trust boundaries of our offerings. You’ll also work with internal content teams and related stakeholders to produce threat modelling artifacts and work with a pentesting team to verify results. Successful applicants must reside in a country or state where Red Hat is registered to do business.

    Primary job responsibilities

    • Plan and carry out threat modelling activities and realistic threat simulations across our offerings
    • Work closely with stakeholders from development, quality engineering (QE), program management, documentation, and product security teams during threat modeling
    • Work with various stakeholders and business teams to provide threat modeling training
    • Build internal knowledge, processes, KPIs, and tools to support threat modeling
    • Create artifacts for various stakeholders and customers that document the output of threat modeling activities

    Required skills

    • 3+ years of practical infosec and cybersecurity experience
    • Outstanding written and verbal communication skills in English
    • Experience with cloud technologies and Linux operating systems
    • Proficiency in software development processes; experience in a release engineering, quality assurance (QA), operations, or development environment
    • Ability to work in a fast-paced environment with diverse teams distributed across the globe
    • Bachelor's degree in computer science or equivalent; relevant work experience will also be considered
    • Ability to perform technical risk analysis, assessment, and mitigation
    • At least one certification like Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)

    The following are considered a plus:


    • Demonstrable experience with threat modelling in an enterprise environment
    • Familiarity with open source software development
    • Familiarity with Red Hat's enterprise solutions portfolio and related industry offerings
    • Understanding of operating systems, software package management, containers, automation, and related technologies

    Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

    Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

