Red Hat Product Security is looking for a Security Program Manager - Technical to join our global Vulnerability Management Team. Red Hat’s Vulnerability Management Team responds to threats in a predictable manner that reduces risk to Red Hat portfolio and customers, whilst extending our support to the Open Source Software (OSS) community and Vulnerability Ecosystem Programs. In this role, you will oversee and manage Red Hat’s initiatives to build, develop and maintain strategic partnerships with the OSS community, vulnerability ecosystem partners and other stakeholders. The role requires strong leadership, project management skills, and ability to build long term relationships with external stakeholders, while ensuring program effectiveness and alignment with organizational values.
 

What you will do

• Develop, nurture and maintain relationships with key stakeholders within Red Hat, wider OSS community and CVE Program partners.
• Serve as the single point of contact for program activities as well as multi-project schedules, and statuses
• Contribute in the industry coordination working groups to shape the industry wide vulnerability disclosure and coordination standards as well as to adopt and implement those standards within the organization
• Able to appropriately prioritize work and plan future tasks, accounting for program team needs and requirements. Able to manage projects with minimal supervision. 
• Collaborate with VM Analysts, VM Tooling engineers, CVE Program Partners and other stakeholders to review the quality of CVE’s we publish and fulfil any gaps in our CVE metadata
• Outreach potential Open Source Software (OSS) projects, encourage them to join CVE Program, and as necessary onboard them in the CVE Program.
• Collaborate with OSS maintainers and CVE Program Partners to resolve any disputes for CVE requests and accordingly work with the appropriate stakeholders to execute those decisions
• Performance governance activities for the CNA’s that Red Hat Root manages and establish a framework to encourage their participation in the CVE Program

What you will bring

• 3+ years of managing projects that incorporate multiple teams working in a cross-functional, collaborative environment; ability to bring different groups of people together to collaborate in a community setting
• 3+ years of experience with technical knowledge of software development
• Ability to work in a fast-paced environment with diverse teams distributed across the globe
• Strong process orientation, change management, and proficient documentation skills. Always follows documented processes, providing feedback and innovating when needed.
• Familiarity with different project management methodologies, tools, and issue tracking systems
• Fluent written and verbal communication skills in English
• Security Specific: General understanding of high-level security threats, and security risk management practices. Preferably an understanding of the industry standard software development lifecycle.
• Security Specific: Conceptually understands the criticality of security specific to open-source components and underlying security risks

The following are considered are plus: 

• Bachelor's degree in a related field or equivalent experience
• Experience with the agile methodology
• Industry certification such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Secure Software Lifecycle Practitioner (CSSLP), Project Management Professional (PMP), or similar
• Familiarity with Industry Programs like CVE, OpenSSF, FIRST and others
• Basic knowledge of issue-tracking systems (JIRA preferred)
• Basic understanding of tools such as Confluence and the Google office suite

About Red Hat

Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.

Diversity, Equity & Inclusion at Red Hat
Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from diverse backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions of diversity that compose our global village.

Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email application-assistance@redhat.com. General inquiries, such as those regarding the status of a job application, will not receive a reply.