Security Community and Compliance Architect (EMEA)
Red Hat
Are you ready to shape the future of open source security, turning global regulations like the European Union's Cyber Resilience Act (CRA) into a catalyst for upstream community excellence? The CRA marks a definitive turning point in the governance of the global software supply chain, shifting open source from "best-effort" security to a regulated environment. Red Hat is seeking a Security Community Architect to join the Open Source and AI Program Office (OSAIPO) and lead this transformation.
Starting with Linux and beyond to hybrid cloud and AI, Red Hat works with upstream open source communities to make enterprise-ready software that’s hardened, tested, and securely distributed. We’ve spent more than two decades collaborating on community projects so we can continue to develop software that pushes the boundaries of technological ability.
Are you a diplomat, technologist, and strategist who can navigate the complex intersection of global regulation and open source governance? In this pivotal role, you will act as the primary bridge between Red Hat’s Product Security, Legal, and Engineering teams and the upstream communities we steward, e.g. Fedora and Ansible. This is not about checking compliance boxes. You will accelerate and implement Red Hat Champion Stewardship, helping maintainers adopt pragmatic security policies, Coordinated Vulnerability Disclosure (CVD) workflows, and supply chain standards (SBOMs, OSPS, SLSA) without stifling innovation.
While the CRA is the immediate catalyst, your mandate extends far beyond regulatory adherence to focus on the long-term health and vitality of our ecosystems, actively nurturing the security posture of our upstream communities, collaborating with Product Security and the OSAIPO Data Team to integrate best-of-breed tools and practices into our upstream-first culture.
At Red Hat, our commitment to open source innovation extends beyond our products - it’s embedded in how we work and grow. Red Hatters embrace change – especially in our fast-moving technological landscape – and have a strong growth mindset. In this role you will have the opportunity to proactively, thoughtfully, and ethically use AI to simplify your work, cut complexity, and boost efficiency.
This position may require some international travel.
What you will do
- Conduct security practice reviews and gap analyses for identified open source projects (e.g., Ansible, Fedora, and 15+ other projects as the starting point) to help create a tailored CRA Readiness Roadmap that aligns with each project's existing governance and Red Hat Stewardship Guidelines.
- Collaborate with community maintainers to draft, socialize, and publish verifiable security policies (CVD, IRP, etc.) and artifacts, drive adoption of security tools (e.g., to produce consistent, accurate SBOMs), and drive integration of security practices (like OSPS, SLSA).
- Serve as the primary CRA contact, educating maintainers on the benefits of CRA while adhering to our community-first principles, ensuring requirements are pragmatic and developer-centric. Collaborate with different stakeholders (Product Security, Legal, Engineering, etc.) to develop resources and training materials that promote secure open source development and upstream engagement best practices.
- Monitor for and analyze global security regulatory and standards developments impacting open source communities, starting with CRA implementing acts, but then expanding to other regulations.
- Work with multiple stakeholder teams (such as Product Security, Engineering, Emerging Technologies) to map and rationalize Red Hat’s community commitments in key security-related projects. You will identify upstream communities germane to our security strategy and ensure they have the appropriate vitality and level of participation.
- Cultivate our presence and reputation in security-related organizations (e.g., OpenSSF, Eclipse, standards bodies) and relevant industry events (e.g., KubeCon), and help exercise sponsorship benefits and support execution.
- Work with our engineering, legal, security, communications, product, and recruiting teams to turn security-related contributions into powerful stories that demonstrate the strength of open source, and position Red Hat as a champion of open source stewardship and beyond.
What you will bring
- Familiarity with the evolving global regulation landscape regarding open source (such as the CRA) and an understanding of key organizations involved in standardization and security tooling (e.g., OpenSSF, ISO, Eclipse).
- Knowledge of the security landscape, including Zero Trust, software supply chain security, vulnerability management (CVD/CVE), incident response (IR), and secure software development lifecycles (e.g., standards like OSPS, SSDF).
- Proven experience participating in open source software development, with a deep understanding of community governance and the unique ability to motivate volunteers and negotiate consensus without direct authority.
- Strong organizational skills to manage complex, multi-year projects (short-term pilots vs. long-term cultural shifts) while effectively collaborating with internal stakeholders to prioritize resources.
- Exceptional written, verbal, and presentation skills, ranging from drafting technical documents to translating policy for engineering to driving social media engagement, with a desire to continuously refine how you tell the story of secure open source.
- Familiarity with the modern cloud native stack, including Linux-based developer tools, Continuous Integration (CI) systems, containers, and Kubernetes, enabling you to speak the same language as maintainers.
- Experience with the modern AI stack, including how tools like Claude, Gemini or Cursor can be used in daily practice for speeding up both technical and non-technical tasks.
- Experience working with communities like OpenSSF, CNCF, and OWASP, to scout new strategic opportunities and manage a 360-degree view of our engagements, from evaluating sponsorships to events support to fostering the next generation of secure open source technologies.
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.
Inclusion at Red Hat
Red Hat’s culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.
Equal Opportunity Policy (EEO)
Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.