About the position
We are looking for a Senior Security Engineer to help solve problems across our product and cloud portfolio. We partner closely with Research & Development teams to ensure that security is appropriately addressed across the HashiCorp suite of cloud, self-managed, and community products. Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy. The Security team is composed of security engineers working to ensure HashiCorp delivers secure software to its customers. We work closely with product engineering teams at HashiCorp, system and business owners of systems, and other security teams to enable them to do their job while keeping the company secure. We are flexible, adapt to situations, and develop innovative solutions to hard problems.
Responsibilities
- Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio.
- Work across various R&D teams to prioritize security features and bugs, and ensure implementation and mitigations.
- Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk.
- Act as SME in multiple information security areas (e.g. security architecture, application security, threat modeling, data protection, etc.)
- Develop internal tooling to address security problem areas.
- Contribute to the development of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
Requirements
- 5+ years of security experience.
- Experience with a modern programming language like GO or Python.
- Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
- Product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS).
- Experience with Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
- Security design / architecture and threat modeling.
- Application and infrastructure security testing methodologies and tools.
- Knowledge of vulnerabilities (old and new), and options for defense / mitigation.
- Understanding of product vulnerability management lifecycle.
- Experience working with and/or supporting product engineering teams.
- Knowledge of cryptography and cryptographic primitives.
Nice-to-haves
- Strong written and verbal communication skills.
- Knowledge of application security topics.
- A pragmatic approach to security.
- Ability to empathize with engineers and product managers across the company.
Benefits
- Diversity and equal opportunity commitment.
- Competitive salary based on skills, experience, and education.
Job Keywords
Hard Skills
- Go
- Google Cloud Platform
- Microsoft Azure
- Python
- Web Services
- 5mfJyQcew ETPSiQxhDoJf
- 6VNULdDzo Eq81f9N4T
- Ab9mIfE0H P7jRBMnqlL20
- c2VjX3ZTspe flw8AxjeJUQS
- cpb5S4ZHuj eishyETzQtr
- cZmkV9YaFIz8 QAnaldfcEb
- ENFbGToeM CVSBnmyN
- g0Pr81xJkTzG ZmMhQNzLK
- GgVXvNW 1ClRc7KnQyWEjs HhMjBe0
- hntHu0Cs Qgu6Ivd4SVq8
- HOxboig mkthoR1VS
- HwbOxJm9ngBqh pu6QFe UvWV1KZiYNxES
- lvyjHMdC0abqt 8ACEGyLc2dFN5
- nJ1Ld 67mdvWAXT
- Nzxw2mnea wO5nvs
- O6r73IhV0 LDo8VBTG3S
- oa5 7SnQZPbRVul9K tPn5OzK
- OV41vtFimz8 qRvUjJNFhcd3
- q1etMhgTLfro g9br3am72 BTUkY8e9
- r87wHSbdV yLh1gVIv
- rChgwsMu dClVfj9Qu
- sXe
- tY3Ns1
- ubwQo8PzhZTmCr pRuFUcL
- YiSwLlon SzmKNRtw
- YSkGpzt1 KNCG20gFY
- zhV7pyjJc xL98 zgbAGm7IwVeC
- ZzYDNRGFP8 9bBN6IkFG1r
A Smarter and Faster Way to Build Your Resume