Sr. Security Engineer, Product & Cloud Security

About the position

We are looking for a Senior Security Engineer to help solve problems across our product and cloud portfolio. We partner closely with Research & Development teams to ensure that security is appropriately addressed across the HashiCorp suite of cloud, self-managed, and community products. Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

Responsibilities

• Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio.
• Work across various R&D teams to prioritize security features and bugs, and ensure implementation and mitigations.
• Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk.
• Act as SME in multiple information security areas (e.g. security architecture, application security, threat modeling, data protection, etc.)
• Develop internal tooling to address security problem areas.
• Contribute to the development of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.

Requirements

• 5+ years of security experience.
• 3+ years of experience with a modern programming language like GO or Python.
• Experience with modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
• Knowledge of product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS).
• Experience with Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
• Understanding of security design / architecture and threat modeling.
• Familiarity with application and infrastructure security testing methodologies and tools.
• Knowledge of vulnerabilities (old and new), and options for defense / mitigation.
• Experience with product vulnerability management lifecycle.
• Experience working with and/or supporting product engineering teams.
• Knowledge of cryptography and cryptographic primitives.

Nice-to-haves

• Strong written and verbal communication skills.
• Knowledge of application security topics.
• A pragmatic approach to security.
• Ability to empathize with engineers and product managers across the company.

Benefits

• Diversity and equal opportunity commitment.
• Competitive salary based on skills, experience, and education.