Engineering Manager, Product Security

Summary

Join HashiCorp as a Product Security Manager to lead and grow a team of security engineers, overseeing product-specific security initiatives. You will work with engineering and product teams to prioritize security features and bugs, ensuring implementation and mitigations. This role requires strong leadership, technical expertise in security disciplines, and experience managing multiple projects. You will develop roadmaps, track progress, and mentor team members. The position is remote, offering a high degree of independence and autonomy. HashiCorp is an IBM subsidiary, and by applying, you acknowledge that your information will be shared with other IBM subsidiaries.

Requirements

• 6+ years of work experience in product security, application security, or broader security engineering areas
• Demonstrated managerial aptitude & leadership skills
• Ability to prioritize and track multiple projects in parallel
• Ability to engage with stakeholders and communicate asks / status / gaps
• Demonstrated technical experience across related security disciplines

Responsibilities

• Oversee and contribute to product-specific and program-level security initiatives and activities being undertaken by members of the Product Security team
• Work across various product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigations
• Lead and grow a team of high-performing security engineers
• Develop roadmaps, track progress, and evaluate team / functions performance
• Provide mentorship, support, and career development opportunities for team members and enable the team to scale
• Be a subject matter authority and have strategic influence
• Assist leadership to develop strategic plans and long-term roadmaps
• Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk
• Plan & oversee security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure
• Manage design & implementation of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc
• Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)

Preferred Qualifications

• Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS)
• Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP)
• Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem
• Secure development practices, and integration into broader engineering activities
• Secure operations practices, specifically wrt. cloud environments
• Application and infrastructure security testing methodologies and tools
• Security design / architecture and threat modeling
• Vulnerabilities (old and new), and options for defense / mitigation
• Product vulnerability management lifecycle
• Security audits, penetration tests, and/or bug bounty programs
• Cryptography and cryptographic libraries

Benefits

Remote work