Introduction
HashiCorp solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build products to give organizations a consistent way to manage their move to cloud-based IT infrastructures for running their applications. Our products enable companies large and small to mix and match AWS, Microsoft Azure, Google Cloud, and other clouds as well as on-premises environments, easing their ability to deliver new applications.
We are looking for Product Security Engineers to help scale our product security function, which works closely with Research & Development teams to ensure that security is appropriately addressed across the HashiCorp suite of cloud and self-managed products. This role will report to a Product Security manager.
Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.
Your Role And Responsibilities
In this role, your responsibilities will include:
- Contribute to secure architecture and design of HashiCorp products.
- Partner with R&D teams to prioritize security features and bugs, and ensure implementation and mitigations.
- Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess / communicate associated risk.
- Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp's products, services, and associated cloud infrastructure.
- Build and implement security solutions across the product lifecycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
- Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)
- Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs.
- Contribute to the creation and delivery of security training.
- Research emerging attack vectors and techniques.
Preferred Education
Master's Degree
Required Technical And Professional Expertise
We are looking for talented self-starters with 8+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!
You may be a good fit if you have knowledge and experience around:
- Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
- Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
- Secure development practices, and integration into broader engineering activities.
- Secure operations practices, specifically wrt. cloud environments including Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
- Application and infrastructure security testing methodologies and tools.
- Security design / architecture and threat modeling.
- Vulnerabilities (old and new), and options for defense / mitigation.
- Product vulnerability management lifecycle.
- Security audits, penetration tests, and/or bug bounty programs.
- Cryptography and cryptographic libraries.
Preferred Technical And Professional Experience
Work with Hiring Manager to ID up to 3 bullets max (encouraging then to focus on required skills) 
