Security Manager - HashiCorp Vulnerability Management & Compliance Automation

A career in IBM Software means you'll be part of a team that transforms our customer's challenges into industry-leading solutions. We are an infinitely curious team always seeking new possibilities and dedicated to creating the world's leading AI-powered cloud-native software solutions. Our renowned legacy creates endless global opportunities for our network of IBMers. We are a team of deep product experts ensuring exceptional client experiences with a focus on delivery excellence and obsession over customer outcomes. This position involves contributing to HashiCorp's offerings now part of IBM which empower organizations to automate and secure multi-cloud and hybrid environments. You will join a team managing the lifecycle of infrastructure and security enhancing IBM's cloud solutions to ensure enterprises achieve efficiency security and scalability in their cloud journey.

About HashiCorp an IBM Company

HashiCorp addresses development operations and security challenges within infrastructure enabling organizations to concentrate on core business initiatives. Millions of users leverage our open source software for provisioning securing connecting and running infrastructure across diverse applications. The Global 2000 utilizes our enterprise software to expedite application delivery and foster innovation through software solutions.

We are seeking a Security Manager Vulnerability Management & Compliance Automation to strengthen and scale our security program. This role will focus on improving how we identify assess and remediate vulnerabilities across our cloud and self-managed product suite — while driving automation and integration of compliance processes across our platforms and pipelines. You will work closely with engineering product management IT and compliance stakeholders to embed security and compliance as a continuous automated part of development and operations.

This role is ideal for a technically proficient leader who thrives in a remote-first high-autonomy environment and is passionate about building secure scalable systems.

In this role your responsibilities will include:

• Lead and expand the vulnerability management and compliance automation programs across HashiCorp’s products and infrastructure.

• Oversee the end-to-end lifecycle of product vulnerabilities - from discovery and triage to remediation and reporting. Ensuring timely identification triage and remediation across multiple environments - including CI/CD pipelines runtime infrastructure and third-party dependencies.

• Design and implement automated compliance controls and reporting mechanisms integrated into CI/CD pipelines and cloud infrastructure that align with frameworks such as SOC 2 ISO 27001 PCI and FedRAMP.

• Partner with engineering product and infrastructure teams to embed security into development workflows and prioritize security-related features and fixes.

• Build and mentor a team of high-performing security engineers providing technical guidance career development and performance feedback.

• Collaborate with product and infrastructure teams to prioritize remediation work track progress and raise risk and impacts effectively.

• Monitor and respond to emerging threats and vulnerabilities driving rapid mitigation strategies and long-term improvements.

• Develop metrics and dashboards to measure the health and maturity of vulnerability management and compliance programs.

• Serve as a subject matter expert on vulnerability management compliance automation and secure development practices.

• Contribute to strategic planning and roadmap development for vulnerability management  initiatives with a focus on automation scalability and measurable impact.

• Lead the design and deployment of security tools and integrations that support vulnerability scanning compliance checks and secure development practices.

• Assess and communicate risk posture to stakeholders providing clear visibility into vulnerabilities mitigations and compliance status.

• 6+ years of experience in product or application security with a focus on vulnerability management and compliance.

• Demonstrated success building or scaling a vulnerability management or compliance automation program in a cloud-native environment.

• Proven leadership and team management experience.

• Strong understanding of cloud-native architectures (AWS GCP Azure) and containerized environments (Kubernetes Nomad Docker).

• Experience integrating security and compliance tools into CI/CD pipelines (e.g. GitHub Actions Jenkins GitLab CI).

• Familiarity with security scanning tools and services (SCA SAST DAST CSPM IaC scanning etc.) and how to operationalize their results.

• Excellent communication and stakeholder engagement skills.

• Deep understanding of vulnerability lifecycle management from discovery to remediation and verification.

• Experience automating compliance evidence collection and control validation against industry frameworks (SOC 2 PCI FedRAMP etc.).

• Strong leadership communication and stakeholder management skills — able to balance technical detail with business context.

• Ability to prioritize and manage multiple projects leading with data-driven decision-making and risk-based prioritization.

• Familiarity with HashiCorp/IBM products and services