FedRamp Product Security Engineer

Join to apply for the FedRamp Product Security Engineer role at Red Hat

At Red Hat, we connect an innovative community of customers, partners, and contributors to deliver an open source stack of trusted, high-performing solutions. We offer cloud, Linux, middleware, storage, and virtualization technologies, together with award-winning global customer support, consulting, and implementation services. Red Hat is a rapidly growing company supporting more than 90% of Fortune 500 companies.

The Red Hat Product Security Compliance team is seeking a knowledgeable and proactive Product Security Engineer to achieve our security and compliance objectives. The team is growing with a vision to address increasingly complex compliance standards like FedRAMP and digital sovereignty laws worldwide. In this role, you should have excellent problem-solving skills and a deep technical understanding of information systems and computing solutions. You should be a team player who works well with others.

Red Hat embraces a remote working culture and promotes work flexibility. This team, and many of the people you would work with, are remote, and you would be welcome to work from home.

1. Responsible for the security and compliance of systems related to our Digital Sovereign Commercial and FedRAMP environments.
2. Lead technical discussions across multi-functional engineering teams and third-party auditors.
3. Support the continuous improvement of the Red Hat environments through automation and process maturation.
4. Support downstream integration of open-source projects; collaborate to develop and implement Red Hat-specific capabilities from upstream.
5. Research and analyze new tools, technologies, and services for suitability within a containerized environment.
6. Serve as an evangelist of security and compliance both inside Red Hat and externally, with partners or within the open-source community.

1. Experience supporting systems to obtain Authorization through FedRAMP or RMF process.
2. Must be a US Citizen for FedRAMP.
3. Knowledge of cloud security practices and technologies.
4. Experience supporting compliance efforts in hybrid-cloud environments.
5. Experience with Kubernetes, OpenShift, or similar technologies.
6. Proficiency in programming, scripting, and markup languages such as Go, Python, and XML, and automation tools.
7. Proven ability to work effectively remotely and independently.
8. Ability to analyze security controls, assess risks, and design control measures per FedRAMP standards.
9. Strong communication skills for presenting technical concepts to diverse audiences.
10. Familiarity with cloud providers (AWS, Azure) and security tools (vulnerability management).
11. Relevant certifications (CISSP, CISM, CCSP, CISA) are a plus.
12. Experience with open-source software and interest in AI are additional pluses.
13. US citizenship is required.