Product Security Engineer, Programs Team
About the team
We are looking for a Security Engineer with development experience to join our Product Security function. You will play a crucial role in building and extending existing tooling and processes to address vulnerabilities across multiple projects.
Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.
What you’ll do:
- Primarily, contribute to the development of security solutions across the product life-cycle, such as standalone security tools, “shift left” CI/CD pipeline components, security solution integrations, product security features/fixes, etc. You will be working on tooling to support other Product Security team members and the HashiCorp R&D organization more broadly.
- Secondarily, support other Product Security teams in efforts to monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk. Identity and explore opportunities to strengthen these efforts with tooling / automation.
- Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio.
We are looking for talented self-starters with 4+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!
What you’ll need:
- Secure development practices, and integration into broader engineering activities.
- Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
- Product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS).
- Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
- Security design / architecture and threat modeling.
- Product vulnerability management lifecycle.
- Cryptography and cryptographic libraries.
- Secure operations practices, specifically with respect to cloud environments.
#LI-REMOTE