Perforce is a community of collaborative experts, problem solvers, and possibility seekers who believe work should be both challenging and fun. We are proud to inspire creativity, foster belonging, support collaboration, and encourage wellness. At Perforce, you’ll work with and learn from some of the best and brightest in business. Before you know it, you’ll be in the middle of a rewarding career at a company headed in one direction: upward.
With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce Software, Inc. is trusted by the world’s leading brands to deliver solutions for the toughest challenges. The best run DevOps teams in the world choose Perforce.
About the Role
OpenLogic, a Perforce business unit, provides long-term support (LTS) for enterprise Linux distributions - including CentOS 6, 7, and 8 - to customers who depend on stable, security-patched software beyond end-of-life. As a Senior Software Engineer on the CentOS CVE Remediation team, you will own the full lifecycle of CVE fixes: triaging vulnerabilities, backporting upstream patches, rebuilding RPM packages, validating fixes, and delivering hardened packages to production. You will work across a broad range of system packages — kernel, OpenSSL, openldap, libxml2, Ruby, MySQL, and others — making deep C/C++ expertise essential.
Responsibilities :
Triage incoming CVEs using NVD, CVSS/EPSS scores, and CISA KEV data; prioritize backport work by risk severity
Write and apply C/C++ patches for EOL packages (CentOS 6/7/8) where upstream fixes are unavailable or inapplicable
Build, test, and sign RPM packages using mock, rpmbuild, and GPG; maintain spec files and package metadata
Debug regressions and build failures with gdb, strace, and valgrind; resolve symbol, linkage, and ABI issues
Collaborate with reviewers to meet quality gates; respond to technical review feedback on patch correctness and security impact
Document remediation decisions, patch rationale, and build reproduction steps in Jira and Confluence
Contribute to automation improvements (CI pipelines, scripted build environments) to increase team CVE velocity
Requirement :
12+ years of professional C and C++ development and system admin level experience on Linux systems.
RPM packaging expertise — Hands-on experience with RPM packaging:
Writing and maintaining .spec files, understanding of rpm build phases and macros
Building in isolated environments using mock; managing dist tags and dependencies
Deep Linux internals – Strong Linux internals knowledge:
Kernel subsystems (memory management, process scheduling, file systems, networking stack)
System calls, device drivers, and kernel module development fundamentals
Package management proficiency with yum/dnf and familiarity with rpm database operations
Practical debugging skills: gdb, strace, ltrace, valgrind, core dump analysis
Scripting in Bash and Python for build automation and tooling
Familiarity with SELinux policy analysis and enforcement modes
Experience with git and git-lfs for patch management and source control
Nice to Have :
Prior experience backporting security patches for EOL distributions (CentOS, RHEL, Oracle Linux, Rocky, AlmaLinux)
Knowledge of OpenSSL, libxml2, openldap, or Ruby C extensions at the source level
Familiarity with CVSS v3/v4 scoring, EPSS, and KEV prioritization workflows
Experience with virtualization tooling: libvirt, QEMU/KVM, Vagrant, VirtualBox
CI/CD pipeline experience (Jenkins, GitHub Actions) for automated package builds
Understanding of networking layers (L2/L3), socket programming, and network-facing service hardening
Exposure to CIS Benchmarks or DISA STIGs for hardened image configuration