Senior Security Engineer

Summary

Join HashiCorp's Security team as a Senior Security Engineer and contribute to the secure architecture and design of our product portfolio. You will collaborate with R&D teams, prioritize security features and bugs, and monitor threats and vulnerabilities. This role requires expertise in security architecture, application security, and threat modeling. The ideal candidate possesses 5+ years of security experience and proficiency in modern programming languages like Go or Python. HashiCorp offers a remote work environment and values diversity and inclusion.

Requirements

• 5+ years of security experience
• 3+ years of experience with a modern programming language like GO or Python
• Experience with modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem
• Experience with product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS)
• Experience with Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP)
• Experience with security design / architecture and threat modeling
• Experience with application and infrastructure security testing methodologies and tools
• Experience with vulnerabilities (old and new), and options for defense / mitigation
• Experience with product vulnerability management lifecycle
• Experience working with and/or supporting product engineering teams
• Experience with cryptography and cryptographic primitives
• Strong written and verbal communication skills
• Knowledge of application security topics
• Pragmatic approach to security
• Ability to empathize with engineers and product managers across the company

Responsibilities

• Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio
• Work across various R&D teams to prioritize security features and bugs, and ensure implementation and mitigations
• Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk
• Act as SME in multiple information security areas (e.g. security architecture, application security, threat modeling, data protection, etc.)
• Develop internal tooling to address security problem areas
• Contribute to the development of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc

Preferred Qualifications

Experienced engineers with less security-specific experience but the desire to learn!

Benefits

Remote work