Product Security Engineer

At our organization, we believe that security is the bedrock of innovation. Our mission is to provide world-class digital services that empower our users while maintaining the highest standards of digital trust and data integrity. We foster a culture of technical excellence, where engineers are encouraged to be proactive, inquisitive, and dedicated to the craft of building resilient systems. As we continue to expand our footprint in the tech ecosystem, we are looking for a specialist who shares our passion for open-source technology and robust security architectures.

Product Security Engineer (RHEL Specialist)

Remote

Senior (Minimum 5+ Years Professional Experience)

Portuguese and English

Permanent / Full-Time

The Product Security Engineer (RHEL Specialist) is a critical technical position focused on the intersection of infrastructure stability and proactive security posture. The core purpose of this role is to embed automated security controls, hardening standards, and DevSecOps best practices throughout the entire product lifecycle, with a specialized focus on the Red Hat Enterprise Linux (RHEL) ecosystem. You will be the primary architect of security automation, ensuring that our RHEL-based infrastructure is resilient against modern threats while maintaining high availability and operational efficiency.

Role Mission:

To transform traditional security "gates" into automated security "guardrails" within our Linux environment. You will be tasked with identifying system inefficiencies, automating vulnerability remediation, and ensuring that security is a seamless component of our CI/CD pipelines and virtualization stacks.

The ideal candidate is not just a security enthusiast but a seasoned Linux practitioner who understands the nuances of system internals. You will move beyond manual checklists, leveraging Ansible for configuration management and Python/Bash for custom security tooling. Whether managing workloads on-premise through VMware/KVM or across AWS, Azure, or GCP, your objective remains consistent: to provide a secure, standardized, and self-healing platform that serves as the backbone for our product offerings.

Compliance Coverage

95%+ of RHEL fleet adhering to automated security baselines.

Mean Time to Remediate (MTTR)

Reduction in remediation time for critical patches through automated deployment.

Pipeline Security

100% of production builds subjected to automated security gating.

To be successful in the role of Product Security Engineer (RHEL Specialist), candidates must demonstrate a profound technical foundation in Linux systems engineering and a modern, automation-first approach to cybersecurity. We require a professional who has moved beyond basic administration into the realm of infrastructure-as-code and proactive threat mitigation.

Mandatory Experience:

A minimum of

five (5) years

of demonstrable professional experience in Systems Engineering, DevSecOps, or Product Security roles is required. Candidates must have spent a significant portion of this time managing enterprise-scale Red Hat Enterprise Linux environments.

As the core focus of this role, we require "expert-level" knowledge of the RHEL ecosystem (versions 7, 8, and 9). This includes:

Hands-on security engineering experience in at least one major provider: AWS, Azure, or GCP. Knowledge of native security services (e.g., AWS GuardDuty, Azure Security Center) is essential.

Proficiency in managing and securing KVM (Kernel-based Virtual Machine) and VMware vSphere environments.

Solid understanding of Docker image security and Kubernetes (or OpenShift) cluster hardening, including RBAC, Network Policies, and Pod Security Standards.

CI/CD: Proven experience embedding security scans and gates within Jenkins or GitLab CI pipelines.

Version Control: Expert knowledge of Git (branching strategies, merge requests, and GitOps workflows).

Security Scanning: Experience with SAST/DAST/SCA tools (e.g., SonarQube, Snyk, Trivy, or Checkmarx).

While we prioritize practical experience and technical aptitude, the following formal qualifications are highly regarded:

Academic: A Bachelors degree in Computer Science, Information Security, or a related Engineering field.

Linux Certifications: Red Hat Certified Engineer (RHCE) or Red Hat Certified Specialist in Security (Linux or Containers).

Security Certifications: Industry-standard certifications such as CISSP (Certified Information Systems Security Professional), OSCP (Offensive Security Certified Professional), or CISM.

Cloud Certifications: AWS Certified Security - Specialty, or equivalent professional-level cloud certifications.

Technical mastery of Red Hat Enterprise Linux and automation frameworks is a baseline requirement; however, the true effectiveness of a Product Security Engineer is defined by their professional character and interpersonal aptitude. In a modern DevSecOps environment, security is no longer a siloed function but a shared responsibility. We are seeking a candidate who can navigate the complexities of organizational dynamics with diplomacy, precision, and a relentless focus on the mission.

The ideal candidate does not wait for an alert to trigger before taking action. You possess an innate ability to dissect complex system architectures and identify subtle inefficiencies or potential threat vectors before they materialize into operational risks.

Ability to perform deep root-cause analysis rather than applying superficial fixes.

Proactively hunting for "security technical debt" and proposing scalable automation to resolve it.

Anticipating how infrastructure changes will impact the overall security posture.

We value engineers who take radical accountability for the security posture of the products they support. You treat the infrastructure as your own, ensuring that every deployment meets the highest standards of integrity.

A "stop-the-line" mentality when critical security flaws are detected in the product lifecycle.

Demonstrating persistence in seeing complex security remediations through to completion.

Taking pride in maintaining clean, well-documented, and highly secure codebases and configurations.

The "Security as an Enabler" Philosophy:

Success in this role requires a shift from being a "gatekeeper" to being a "guardrail provider." We are looking for a professional who empowers development teams to move fast securely, rather than slowing them down with manual processes and bureaucracy.

Security risks are often abstract; your job is to make them tangible and actionable. You must be able to translate complex technical vulnerabilities into business-impact terms for non-technical stakeholders, while providing specific, code-level guidance to developers.

Strong written communication for creating clear runbooks, security advisories, and architectural documentation.

Ability to remain calm and provide clear instructions during high-pressure security incidents.

Influence without authority: Persuading cross-functional teams to prioritize security enhancements.

The Product Security Engineer works at the nexus of DevOps, Site Reliability Engineering (SRE), and Development. You must be a team player who values diverse perspectives and understands the operational pressures faced by other teams.

Willingness to mentor junior engineers and share RHEL/Security knowledge across the organization.

Actively participating in peer code reviews and architectural design sessions.

Building relationships across departments to foster a healthy, security-first culture.

The cybersecurity landscape changes weekly. We need a candidate with a genuine passion for the field who treats learning as a core part of their daily routine.

Staying abreast of the latest Red Hat releases, CVEs, and open-source security tooling.

Actively participating in the security community (e.g., attending conferences, contributing to open-source projects, or following threat intelligence feeds).

An experimentation-focused mindset—willing to pilot new tools and technologies to improve the organizational security posture.