The Role
Own full lifecycle CVE remediation for EOL CentOS distributions: triage vulnerabilities, backport and apply C/C++ patches, rebuild and sign RPMs, debug regressions, validate fixes, document decisions, and improve automation for CI and package builds.
Summary Generated by Built In
Perforce is a community of collaborative experts, problem solvers, and possibility seekers who believe work should be both challenging and fun. We are proud to inspire creativity, foster belonging, support collaboration, and encourage wellness. At Perforce, you’ll work with and learn from some of the best and brightest in business. Before you know it, you’ll be in the middle of a rewarding career at a company headed in one direction: upward.
With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce Software, Inc. is trusted by the world’s leading brands to deliver solutions for the toughest challenges. The best run DevOps teams in the world choose Perforce.
About the Role
OpenLogic, a Perforce business unit, provides long-term support (LTS) for enterprise Linux distributions - including CentOS 6, 7, and 8 - to customers who depend on stable, security-patched software beyond end-of-life. As a Senior Software Engineer on the CentOS CVE Remediation team, you will own the full lifecycle of CVE fixes: triaging vulnerabilities, backporting upstream patches, rebuilding RPM packages, validating fixes, and delivering hardened packages to production. You will work across a broad range of system packages — kernel, OpenSSL, openldap, libxml2, Ruby, MySQL, and others — making deep C/C++ expertise essential.
Responsibilities :
- Triage incoming CVEs using NVD, CVSS/EPSS scores, and CISA KEV data; prioritize backport work by risk severity
- Write and apply C/C++ patches for EOL packages (CentOS 6/7/8) where upstream fixes are unavailable or inapplicable
- Build, test, and sign RPM packages using mock, rpmbuild, and GPG; maintain spec files and package metadata
- Debug regressions and build failures with gdb, strace, and valgrind; resolve symbol, linkage, and ABI issues
- Collaborate with reviewers to meet quality gates; respond to technical review feedback on patch correctness and security impact
- Document remediation decisions, patch rationale, and build reproduction steps in Jira and Confluence
- Contribute to automation improvements (CI pipelines, scripted build environments) to increase team CVE velocity
Requirement :
- 12+ years of professional C and C++ development and system admin level experience on Linux systems.
- RPM packaging expertise — Hands-on experience with RPM packaging:
- Writing and maintaining .spec files, understanding of rpm build phases and macros
- Building in isolated environments using mock; managing dist tags and dependencies
- Deep Linux internals – Strong Linux internals knowledge:
- Kernel subsystems (memory management, process scheduling, file systems, networking stack)
- System calls, device drivers, and kernel module development fundamentals
- Package management proficiency with yum/dnf and familiarity with rpm database operations
- Practical debugging skills: gdb, strace, ltrace, valgrind, core dump analysis
- Scripting in Bash and Python for build automation and tooling
- Familiarity with SELinux policy analysis and enforcement modes
- Experience with git and git-lfs for patch management and source control
Nice to Have :
- Prior experience backporting security patches for EOL distributions (CentOS, RHEL, Oracle Linux, Rocky, AlmaLinux)
- Knowledge of OpenSSL, libxml2, openldap, or Ruby C extensions at the source level
- Familiarity with CVSS v3/v4 scoring, EPSS, and KEV prioritization workflows
- Experience with virtualization tooling: libvirt, QEMU/KVM, Vagrant, VirtualBox
- CI/CD pipeline experience (Jenkins, GitHub Actions) for automated package builds
- Understanding of networking layers (L2/L3), socket programming, and network-facing service hardening
- Exposure to CIS Benchmarks or DISA STIGs for hardened image configuration
All employees are expected to demonstrate AI fluency appropriate to their role and level, including responsible use of AI tools, sound judgment, and adherence to company AI governance and security policy standards.
Come work with us! Our team members are valued for their contributions, introduced to new opportunities, and rewarded well. Perforce combines the experience and rewards of a start-up with the security of an established and privately held profitable company.If you are passionate about the technology that impacts our day-to-day lives and want to work with talented and dedicated people across the globe, apply today!
www.perforce.com
Please click here for: EOE & Belonging Statements | Perforce Software
Skills Required
- 12+ years professional C and C++ development and Linux system administration experience
- Experience triaging CVEs using NVD, CVSS/EPSS, and CISA KEV
- RPM packaging expertise including writing and maintaining .spec files and understanding rpm build phases and macros
- Building packages in isolated environments using mock and rpmbuild; signing packages with GPG
- Deep Linux internals knowledge (kernel subsystems, system calls, device drivers, kernel modules)
- Package management proficiency with yum/dnf and familiarity with rpm database operations
- Practical debugging and core dump analysis skills using gdb, strace, ltrace, and valgrind
- Scripting experience in Bash and Python for build automation and tooling
- Familiarity with SELinux policy analysis and enforcement modes
- Experience with git and git-lfs for patch management and source control
- Experience documenting remediation, patch rationale, and build reproduction steps in Jira and Confluence
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
The best run DevOps teams in the world choose Perforce to remove bottlenecks to speed up and deliver app experiences that move the needle. With Perforce’s suite of products built to develop and maintain high-stakes applications, companies can finally manage complexity with efficiency, achieve speed without compromise, and run their DevOps toolchains with full integrity. Perforce gives customers a DevOps Edge, from code to business-ready. But at the heart of our success is the people. We are a global community of collaborative experts, problem solvers, and possibility seekers who believe in making work both challenging and fun. Join us and you’ll work alongside the brightest in the business, driving innovation and growing in a career that’s moving in one direction: upward!
