Security Engineer II, Cloud Security

Summary

Join HashiCorp's Cloud Infrastructure & Platform Security team as a Security Engineer II and contribute to securing our multi-cloud environment (AWS, Azure, GCP). This fully remote role requires a passion for enhancing cloud security posture, building scalable security software, and defining insightful metrics. You will collaborate with engineering and stakeholders to establish secure-by-default environments, develop security tooling, and implement best practices. The ideal candidate possesses strong software development skills (Go/Python preferred), experience with infrastructure-as-code (Terraform), and excellent communication skills. Prior remote work experience is not mandatory, but independence and autonomy are key.

Requirements

• You have a broad understanding of the fundamentals of AWS security
• You find topics like Building a Data Perimeter on AWS interesting
• You have 3+ years of software development experience (Go and/or Python preferred)
• You have experience codifying infrastructure and deployment pipelines (Terraform and GitHub Actions preferred)
• You have strong written and verbal communication skills and have experience articulating security risk to stakeholders across an organization
• You are able to seek out opportunities for a high-degree of positive impact and outline paths forward without explicit direction
• You agree with, understand, and consistently display the principles of HashiCorp in your interactions and in your work

Responsibilities

• Define insightful metrics to further guide our cloud security posture and progress
• Ensure we have best practices implemented across our multi-cloud environment
• Partner with engineering and other stakeholders to define and drive secure-by-default environments supporting our products and the enterprise
• Develop tooling to drive our cloud security program forward

Preferred Qualifications

• You have a broad understanding of the fundamentals of Azure security
• You have experience utilizing Azure Policies to enforce security standards across an Azure tenant