Senior Product Security Portfolio and Delivery Incident Commander
Role details
Job location
Tech stack
Job description
- Incident Command & Orchestration: Lead and coordinate cross-functional teams (Engineering, Product Management, Site Reliability Engineering, and Quality Engineering) during major and minor security incidents to ensure timely remediation and disclosure.
- Rapid Response Management: Act as the primary authority during rapid response escalations, managing the "battle rhythm" of the incident and ensuring all technical and non-technical workstreams are synchronized.
- Vulnerability-to-Incident Transition: Oversee the lifecycle of vulnerabilities that escalate into incidents, ensuring that triage, analysis, and prioritization are handled with clinical precision.
- Stakeholder Communication: Provide quick and efficient updates to various internal stakeholders about incident status, technical mitigations, and potential customer impact.
- Remediation Consultation: Consult on technical implementations and remediation strategies, ensuring that proposed fixes address the root cause and align with Red Hat's secure software development standards.
- Knowledge Artifact Readiness: Ensure that critical documentation-including Security Vulnerability articles, blogs, and technical advisories-is prepared and validated for timely publication.
- Continuous Improvement: Lead post-incident reviews (Root Cause Analysis) to identify process gaps and drive changes that prevent future recurrence and improve overall response maturity.
Requirements
- Incident Management Expertise: 6+ years of experience in cybersecurity incident management and coordination, specifically within complex software environments.
- Technical Proficiency: Strong understanding of common security vulnerabilities (e.g., OWASP Top Ten), exploitation techniques, and their mitigations.
- Crisis Leadership: Demonstrated ability to lead global, multicultural teams under high-pressure conditions and make decisive judgements with limited information.
- Communication: Fluent written and verbal communication skills in English, with the ability to translate complex technical findings into clear executive briefings.
- Risk Mitigation: Excellent risk mitigation and change management skills, with a focus on protecting customers and the open source community.
- Educational Background: Bachelor's degree in a related field; industry certifications such as CISSP, CISM, or PMP are highly preferred.
Experience Plus
- Familiarity with open source software principles and business models.
- Technical knowledge of Linux operating systems, container technologies (Kubernetes/OpenShift), and CI/CD pipeline security.
- Experience with data analysis and the development of performance metrics for vulnerability response.
Benefits & conditions
Red Hat determines compensation based on several factors including but not limited to job location, experience, applicable skills and training, external market value, and internal pay equity. Annual salary is one component of Red Hat's compensation package. This position may also be eligible for bonus, commission, and/or equity. For positions with Remote-US locations, the actual salary range for the position may differ based on location but will be commensurate with job duties and relevant work experience., ? Comprehensive medical, dental, and vision coverage
? Flexible Spending Account - healthcare and dependent care
? Health Savings Account - high deductible medical plan
? Retirement 401(k) with employer match
? Paid time off and holidays
? Paid parental leave plans for all new parents
? Leave benefits including disability, paid family medical leave, and paid military leave
? Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!
Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States.
Inclusion at Red Hat
Red Hat's culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.