As an Incident Response Commander, you will join the Red Hat Product Security team to lead the organization's response to major and minor security incidents. While vulnerability management is a core function, this role specifically focuses on the critical transition when a vulnerability or security flaw becomes an active incident. You will be responsible for orchestrating the end-to-end response, ensuring that high-profile vulnerabilities are remediated with urgency and that stakeholders across the global engineering organization are aligned. You must be able to think and respond quickly, exercising expert problem-solving and relationship-management skills to ensure resources are appropriately marshalled to resolve incidents under pressure.
What you will bring:
Incident Command & Orchestration: Lead and coordinate cross-functional teams (Engineering, Product Management, Site Reliability Engineering, and Quality Engineering) during major and minor security incidents to ensure timely remediation and disclosure.
Rapid Response Management: Act as the primary authority during rapid response escalations, managing the "battle rhythm" of the incident and ensuring all technical and non-technical workstreams are synchronized.
Vulnerability-to-Incident Transition: Oversee the lifecycle of vulnerabilities that escalate into incidents, ensuring that triage, analysis, and prioritization are handled with clinical precision.
Stakeholder Communication: Provide quick and efficient updates to various internal stakeholders about incident status, technical mitigations, and potential customer impact.
Remediation Consultation: Consult on technical implementations and remediation strategies, ensuring that proposed fixes address the root cause and align with Red Hat's secure software development standards.
Knowledge Artifact Readiness: Ensure that critical documentation-including Security Vulnerability articles, blogs, and technical advisories-is prepared and validated for timely publication.
Continuous Improvement: Lead post-incident reviews (Root Cause Analysis) to identify process gaps and drive changes that prevent future recurrence and improve overall response maturity.
What you will bring:
Incident Management Expertise: 6+ years of experience in cybersecurity incident management and coordination, specifically within complex software environments.
Technical Proficiency: Strong understanding of common security vulnerabilities (e.g., OWASP Top Ten), exploitation techniques, and their mitigations.
Crisis Leadership: Demonstrated ability to lead global, multicultural teams under high-pressure conditions and make decisive judgements with limited information.
Communication: Fluent written and verbal communication skills in English, with the ability to translate complex technical findings into clear executive briefings.
Risk Mitigation: Excellent risk mitigation and change management skills, with a focus on protecting customers and the open source community.
Educational Background: Bachelor's degree in a related field; industry certifications such as CISSP, CISM, or PMP are highly preferred.
Experience Plus
Familiarity with open source software principles and business models.
Technical knowledge of Linux operating systems, container technologies (Kubernetes/OpenShift), and CI/CD pipeline security.
Experience with data analysis and the development of performance metrics for vulnerability response.
The salary range for this position is $134,050.00 - $221,210.00. Actual offer will be based on your qualifications.
Pay Transparency
Red Hat determines compensation based on several factors including but not limited to job location, experience, applicable skills and training, external market value, and internal pay equity. Annual salary is one component of Red Hat's compensation package. This position may also be eligible for bonus, commission, and/or equity. For positions with Remote-US locations, the actual salary range for the position may differ based on location but will be commensurate with job duties and relevant work experience.
About Red Hat
Red Hat is the world's leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.
Benefits
Comprehensive medical, dental, and vision coverage
Flexible Spending Account - healthcare and dependent care
Health Savings Account - high deductible medical plan
Retirement 401(k) with employer match
Paid time off and holidays
Paid parental leave plans for all new parents
Leave benefits including disability, paid family medical leave, and paid military leave
Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!
Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States.
Inclusion at Red Hat
Red Hat's culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.
Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email application-assistance@redhat.com. General inquiries, such as those regarding the status of a job application, will not receive a reply.