The Red Hat Product Security Compliance team is seeking a knowledgeable and proactive Senior Product Security Engineer to achieve our security and compliance objectives. The team is growing and we have a big vision particularly as it relates to burgeoning digital sovereignty laws and efforts worldwide. In this role, you should have an excellent ability to solve problems using not just your in-depth technical understanding of information systems and computing solutions, but also hands-on experience leveraging AI capabilities. You should also be a team player who works and coordinates well with a globally distributed team. Red Hat embraces a remote working culture and promotes work flexibility. This team, and many of the people you would work with, are remote and you would be welcome to work from home as well as in the local office. What you’ll be doing: - Own the security and compliance functions related to our digital sovereign commercial product offerings and environments. - Lead technical discussions across multi-functional engineering teams, product and sales teams, as well as with third party auditors. - Support the continuous improvement of Red Hat Product Security through designing, developing, and implementing automation at scale to enable the maturation of processes. - Mentor and aid the growth of junior team members - Support the downstream integration of open-sourced projects; collaborate to develop and implement Red Hat specific capabilities from the upstream. - Serve as an evangelist of security and compliance both inside Red Hat and externally, with partners, customers, or within the open-source community. What you will bring: - Experience working with Kubernetes, OpenShift, Podman, or similar technologies. - Demonstrable knowledge of applying cloud security principles and best practices to a cloud or hybrid cloud environment. - Have developed and delivered secure and attested software in programming languages such as Go and Python is a plus - Experience using AI tools like Cursor AI, Claude, or others to accelerate product development delivery timelines. - Ability to analyze security controls, assess risks, and design control measures in alignment with a variety of standards and frameworks (NIST 800-53, PCI DSS, ISO 27001, etc.). - Proven track record of being effective when working remotely with a global organization and in a self-directed capacity. - Strong communication skills, capable of presenting technical compliance concepts to both technical and non-technical audiences. - Relevant certifications, such as CISSP, CISM, CCSP, or CISA, are a plus. - Experience with open-source software is a plus. About Red Hat Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact. Inclusion at Red Hat Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village. Equal Opportunity Policy (EEO) Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law. Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee. Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email application-assistance@redhat.com. General inquiries, such as those regarding the status of a job application, will not receive a reply.

• Lead all IT functions supporting corporate and program needs • Own security posture, compliance programs, and audit readiness (CMMC 2.0 and SOC 2) • Serve as the primary point of contact for auditors, assessors, and external security partners • Maintain and evolve security policies, standards, and procedures aligned with DoD and federal requirements • Oversee access control, device security, identity management, and incident response processes • Partner with leadership to assess and manage IT and security risk across the organization

• Operar e administrar soluções de Cloud Security, CNAPP, CSPM, Containers Security e Kubernetes Security; • Configurar, monitorar e otimizar WAF/WAAP para proteção contra ameaças web (ex.: OWASP Top 10); • Apoiar na implementação das práticas de API Security, garantindo visibilidade e mitigação de riscos; • Apoiar a resposta a incidentes de segurança em ambientes cloud e aplicações; • Colaborar com times de desenvolvimento, infraestrutura e DevOps, promovendo cultura DevSecOps; • Produzir relatórios, indicadores e recomendações de melhorias contínuas em segurança.

• Assist in the preparation of technical reports; • Assist with technical site visits; • Assist with scheduling and registration of medical exams; • Support Occupational Health and Safety (OHS) routines and requests; • Assist in preparing OHS department documents.