Product Security Engineer II

Summary

Join HashiCorp's Product Security Partnerships team as a Product Security Engineer II and contribute to the security of our cloud, self-managed, and community products. Partner with Research & Development teams to integrate security into the development lifecycle. Responsibilities include secure architecture design, vulnerability management, security assessments, and threat modeling. You will work with various R&D teams, prioritize security features and bugs, and act as a subject matter expert in multiple information security areas. The ideal candidate possesses 4+ years of security experience and strong communication skills. HashiCorp embraces diversity and equal opportunity.

Requirements

• 4+ years of security experience
• Experience in secure development practices, and integration into broader engineering activities
• Experience with modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem
• Experience with product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS)
• Experience with Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP)
• Experience with security design / architecture and threat modeling
• Experience with application and infrastructure security testing methodologies and tools
• Experience with vulnerabilities (old and new), and options for defense / mitigation
• Experience with product vulnerability management lifecycle
• Experience working with and/or supporting product engineering teams
• Experience with cryptography and cryptographic primitives
• Strong written and verbal communication skills
• Knowledge of application security topics
• Pragmatic approach to security
• Ability to empathize with engineers and product managers across the company

Responsibilities

• Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio
• Work across various R&D teams to prioritize security features and bugs, and ensure implementation and mitigations
• Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk
• Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)
• Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure
• Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs
• Contribute to the development of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc
• Contribute to the creation and delivery of security training
• Research emerging attack vectors and techniques

Preferred Qualifications

Experienced engineers with less security-specific experience but the desire to learn!