Senior Product Security Engineer - Cryptography

Red Hat's products form the foundation of the enterprise IT landscape, and the trust in those products is built on cryptography. As the cryptographic landscape faces its greatest shift in a generation—the transition to Post-Quantum Cryptography (PQC)—Red Hat is building out our portfolio team to govern our cryptographic future. We are forming a Portfolio Crypto Team, a strategic partnership between Product Security (ProdSec) and RHEL Security. As a Senior Product Security Engineer, your mission is to own and execute key cryptographic modernization initiatives and act as the primary enabler for product teams across Red Hat. You will be the recognized go-to person for cryptographic implementation outside of RHEL, helping teams adopt new policies, integrate modern libraries, and audit their applications. This role expects you to be an expert and owner of cryptography, build relationships across teams, and enable others by scaling your expertise to drive portfolio-wide adoption. What You Will Do Container Cryptography Audits & Strategy: Act as the primary technical owner for auditing Go-based cryptographic implementations within OpenShift and container runtimes (CRI-O, Podman). You will identify and resolve cryptographic discrepancies where containerized applications fail to correctly leverage the host's FIPS or PQC providers. Primary technical owner responsible for continuing the implementation and integration of Red Hat's cryptographic inventory tools (e.g., Crypto Scanner). Partner with the Principal Product Security Engineer to define and implement scanner policies for detecting cryptographic assets in our build pipelines. Work directly with pipeline and data teams to integrate these tools and produce a sustainable Cryptographic Bill of Materials (CBOM). Portfolio's Crypto Enablement Partner: Partner with product teams to integrate Merkle Tree Certificate support within the portfolio’s unified security fabric. Serve as the primary go-to technical consultant for product teams (like OpenShift, Ansible, and Middleware) navigating cryptographic migrations (e.g., PQC, FIPS). Consult directly with engineers to audit their code, understand their dependencies (e.g., python-cryptography), and build migration plans that align with the portfolio-wide policy. Enable other teams by creating documentation, best-practice guides, and office hours to scale your expertise. Drive Foundational Crypto Integration and Dependency Management: Define the functional requirements for and partner on the integration of new cryptographic tools, such as runtime instrumentation for core libraries. Track and manage critical cryptographic dependencies across the portfolio, working with RHEL Security and other teams to resolve blockers and ensure the successful, sequential delivery of modern crypto capabilities. What You Will Bring Multi-Language Technical Expertise: Deep, hands-on experience in Go and Python is required. You must be able to audit cryptographic implementations in these languages and understand their interaction with core C-based libraries (OpenSSL, NSS, libcrypto). Applied Cryptography and PKI: Broad knowledge in applied cryptography (PKI, TLS, digital signatures). Strong understanding of modern cryptographic challenges, including Post-Quantum Cryptography (PQC). Container & Cloud-Native Security: Strong understanding of OCI specifications and how container runtimes interact with cryptographic hardware (HSMs) or kernel-level providers. Project Ownership: Proven experience owning and delivering complex, cross-team technical projects from design to completion. You can move from a technical deep-dive with a developer to a strategic roadmap discussion with a Product Manager. Collaborative Leadership: A track record of building relationships across teams and acting as a recognized go-to person. You must be able to enable others to succeed. Problem Solving: Strong analytical skills to diagnose complex dependencies and technical blockers in a large-scale software portfolio. Bonus Skills: Previous experience contributing to or maintaining core cryptographic libraries or security-focused Go projects. Familiarity with SPIFFE/SPIRE or Sigstore/Cosign. Experience with Merkle Tree implementations or binary-level runtime analysis. Familiarity with FIPS validation processes in virtualized/containerized environments. The salary range for this position is $131,420.00 - $216,870.00. Actual offer will be based on your qualifications. Pay Transparency Red Hat determines compensation based on several factors including but not limited to job location, experience, applicable skills and training, external market value, and internal pay equity. Annual salary is one component of Red Hat’s compensation package. This position may also be eligible for bonus, commission, and/or equity. For positions with Remote-US locations, the actual salary range for the position may differ based on location but will be commensurate with job duties and relevant work experience. About Red Hat Red Hat ( is the world’s leading provider of enterprise open source ( software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We are a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact. Benefits Comprehensive medical, dental, and vision coverage Flexible Spending Account - healthcare and dependent care Health Savings Account - high deductible medical plan Retirement 401(k) with employer match Paid time off and holidays Paid parental leave plans for all new parents Leave benefits including disability, paid family medical leave, and paid military leave Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more! Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States. Inclusion at Red Hat Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village. Equal Opportunity Policy (EEO) Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law. Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee. Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email View email address on click.appcast.io. General inquiries, such as those regarding the status of a job application, will not receive a reply. #J-18808-Ljbffr Red Hat, Inc.