• Penetration Tester - Product Security

    Location US-Remote
    Posting date 1 month ago (11/12/2018 2:45 AM)
    Job ID
    Software Engineering
  • Company description

    At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

    Job summary

    The Red Hat Product Security team is looking for a Penetration Tester to join us in the US. In this role, you’ll help protect our customers that are using our software. We believe that protecting customers and communities from digital security threats and providing quality information needed to mitigate risk and privacy concerns is an integral part of what we do. As someone passionate about open source and security, you will help us achieve that vision. You will work closely with product engineering teams to find vulnerabilities in our solutions and services, question the security assumptions of our solutions, and discover the attack surface of our offerings, all while using open source principles every day. You will collaborate with security engineers to verify threat models and to address found vulnerabilities. This role is essential to the success and growth of our portfolio by ensuring consistent security standards and verification of the same through scanning, penetration testing, and code auditing. Successful applicants must reside in a country or state where Red Hat is registered to do business.

    Primary job responsibilities

    • Plan and carry out penetration testing activities including manual pentesting, scanning using open source and commercial security scanners, using static code analyzers and code auditing
    • Produce pentesting reports that include tools and methods used, areas tested and types of weaknesses found, vulnerabilities discovered as well as recommendations for addressing them
    • Follow industry advancements and build internal know-how in exploitation techniques, frameworks, scanners, debuggers, and methodologies
    • Work with product and security engineers on improving the security posture of our solutions
    • Act as a subject matter expert in security scanners, static source code analyzers and debuggers, providing guidance to management in areas of expertise

    Required skills

    • 3+ years of practical penetration testing experience
    • Demonstrated ability to perform manual security code audit
    • Proficiency using security scanners, static code analyzers and debuggers
    • Understanding of common weaknesses and exploitation techniques
    • Experience with cloud technologies and Linux operating systems
    • Bachelor's degree in computer science or equivalent, or relevant work experience
    • Ability to work in a fast-paced environment with diverse teams distributed across the globe
    • Track record of finding and responsibly disclosing vulnerabilities in open source software
    • Relevant certifications including Certified Ethical Hacker (CEH), Certified Penetration Tester (CPT), Certified Expert Penetration Tester (CEPT), GIAC Penetration Tester (GPEN), Offensive Certified Security Professional (OSCP), and similar

    Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

    Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

