We've currently got three positions in the team currently open. One is focused on Java (JBoss) technologies, another on our new Cloud services, and a final one on our Enterprise Linux product.

Would you like to be part of our dynamic team, and help protect Red Hat's customers and the open source community as a whole from security vulnerabilities?

Each of the positions are challenging and demanding; every day you'll be investigating different issues affecting different products and codebases, having to manage your time on the issues with the greatest impact.

Some of the tasks of the job include (but are not limited to):

• Rapidly responding to new security issues. You'll need to be able to think fast, analyze complex problems, use your judgement to assess vulnerability severities and risks, and switch your priorities to ensure that serious issues get immediate attention.
• Investigating how security flaws specifically impact your products. Research how the flaws can be exploited by attackers; by code analysis, testing exploits, or writing proof of concept tests.
• Communicating about flaws with our software developers, managers, quality engineers, upstream project developers, as well as our peers in the security response teams of other vendors.
• Developing advice and technical documentation for security advisories.
• Responsibility for tracking vulnerabilities through the entire update release lifecycle and ensuring that customers get the right fixes with the right advice at the right time.

We can be flexible with working location. So if this interests you, email me a CV/resume (to mjc at redhat.com) as not all the jobs are on our careers page yet.

The Red Hat SRT is looking for another member to investigate, triage, and respond to security vulnerabilities in Red Hat Enterprise Linux but also across other products and services. You'll join our diverse and enthusiastic team currently spread across eight different countries.

Sound interesting? See the full job description: Security Response Team Software Engineer. If you are interested please use the online application process.

Although the location is specified as the Czech Republic there is actually no specific restriction on the location of this position, and if you're right for the role you could be located at your nearest local world-wide Red Hat office, or possibly even remote.

There are plenty of new products to come, so we're currently hiring for another engineer to join the response team. The full job details are here:

https://redhat.ats.hrsmart.com/cgi-bin/a/highlightjob.cgi?jobid=3685

Although the location is specified as the Czech Republic there is actually no specific restriction on the location of this position, and the candidate could be located at any one of the world-wide Red Hat offices, or potentially even remote.

If you are interested please submit your resume through the online application process, or feel free to mail me with questions.

Hi! I'm Mark Cox. This blog gives my thoughts and opinions on my security work, open source, fedora, home automation, and other topics.

pics from my twitter:

popular tags: [all], apache, apachecon, apacheweek, cve, cvss, fedora, financial, geocaching, ha, metrics, microsoft, nashville, north carolina, red hat summit, redhat, security, trips