
Red Hat

Product Owner - Security Automation (EMEA)

Portugal

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Red Hat

Red Hat, Inc. is a leading American software company that specializes in open-source solutions for enterprises. Founded in 1993 and headquartered in Raleigh, North Carolina, Red Hat has grown to operate in over 40 countries. The company became a part of IBM in 2019, following a significant acquisition valued at approximately $34 billion. Red Hat is recognized for its commitment to open-source principles and has achieved notable revenue milestones, reaching nearly $3 billion by 2018. The company's primary offerings include Red Hat Enterprise Linux (RHEL), a stable operating system designed for datacenters and cloud environments, and Fedora, a community-driven version that fosters innovation. Red Hat also provides a range of services, including technical support and system management through the Red Hat Network. The company has established strong partnerships with major technology vendors like Dell, IBM, HP, and Oracle, enhancing its capabilities in cloud computing, storage, and virtualization.

Industry

information technology & services

Employees

26,000

6776 engineers

Revenue

$5.6B

Security at Red Hat

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Red Hat's Application Security philosophy is rooted in a DevSecOps approach where security is viewed as a continuous process rather than a final step.
  • They emphasize 'shifting left' by providing developers with tools like SAST directly within their IDEs to enable early detection.
  • Their risk philosophy involves prioritizing weaknesses on a standardized scale (Low to Critical) similar to how vulnerabilities are handled.
  • **Stated AppSec Mission**: "Security isn't an afterthought. It's continuous" – Red Hat DevSecOps approach (https://www.redhat.com/en/solutions/devsecops-approach).
  • **Developer Enablement**: "encourage developers to 'shift-left' by integrating the SAST tool into their chosen Integrated Development Environment (IDEs)" – Red Hat SAST guidance (https://www.redhat.com/en/blog/leading-effective-static-application-security-testing-sast-program).
  • **Risk Philosophy**: "prioritizing them on a scale similar to vulnerabilities: Low, Medium, High, Critical" – Red Hat blog (https://www.redhat.com/en/blog/repair-bridge-it-cracks-understanding-vulnerabilities-and-weaknesses-modern-it).

Key Initiatives

Red Hat's active initiatives focus on automating security testing within CI/CD pipelines and maintaining a rigorous vulnerability management process. A significant recent focus has been the promotion and integration of RapiDAST for continuous dynamic testing.

  • **Shift Left in Practice**: "integrate the tool into your CI/CD pipelines" – Red Hat SAST guidance (https://www.redhat.com/en/blog/leading-effective-static-application-security-testing-sast-program).
  • **Vulnerability Management**: "prioritizing them on a scale similar to vulnerabilities: Low, Medium, High, Critical" – Red Hat blog (https://www.redhat.com/en/blog/repair-bridge-it-cracks-understanding-vulnerabilities-and-weaknesses-modern-it).
  • **Recent Initiatives**: "perform tests before every release and continuously" using RapiDAST – (https://developers.redhat.com/articles/2025/06/19/automate-dynamic-application-security-testing-rapidast).
  • **Security Champions**: Information not publicly available.
