HashiCorp solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build products to give organizations a consistent way to manage their move to cloud-based IT infrastructures for running their applications. Our products enable companies large and small to mix and match AWS, Microsoft Azure, Google Cloud, and other clouds, as well as on-premises environments, easing their ability to deliver new applications.
We are looking for Product Security Engineers to help scale our product security function, which works closely with Research & Development teams to ensure that security is appropriately addressed across the HashiCorp suite of cloud and self-managed products. This role will report to a Product Security manager.
Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.
In this role, your responsibilities will include:
- Contribute to secure architecture and design of HashiCorp products.
- Partner with R&D teams to prioritize security features and bugs and ensure implementation and mitigations.
- Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations, and assess / communicate associated risk.
- Plan & execute security assessments (dynamic testing, static testing, code review, etc.) and threat modeling of HashiCorp's products, services, and associated cloud infrastructure.
- Build and implement security solutions across the product lifecycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
- Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling, etc.).
- Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs.
- Contribute to the creation and delivery of security training.
- Research emerging attack vectors and techniques.
We are looking for talented self-starters with 6+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!
You may be a good fit if you have knowledge and experience around:
- Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
- Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
- Secure development practices and integration into broader engineering activities.
- Secure operations practices, specifically wrt. cloud environments including Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
- Application and infrastructure security testing methodologies and tools.
- Security design / architecture and threat modeling.
- Vulnerabilities (old and new) and options for defense / mitigation.
- Product vulnerability management lifecycle.
- Security audits, penetration tests, and/or bug bounty programs.
- Cryptography and cryptographic libraries.
- Proficiency in secure coding and code review, ideally with the Go programming language or similar modern languages.
- Experience with vulnerability management programs, including penetration testing, security audits, or bug bounty operations.