We are looking for a Security Engineer with development experience to join our Product Security function. You will play a crucial role in building and extending existing tooling and processes to address vulnerabilities across multiple projects.
Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.
In this role, your responsibilities will include:
* Primarily, contribute to the development of security solutions across the product life-cycle, such as standalone security tools, "shift left" CI/CD pipeline components, security solution integrations, product security features/fixes, etc. You will be working on tooling to support other Product Security team members and the HashiCorp R&D organization more broadly.
* Secondarily, support other Product Security teams in efforts to monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk. Identify and explore opportunities to strengthen these efforts with tooling/automation.
* Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio.
We are looking for talented self-starters with 4+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!
You may be a good fit if you have knowledge and experience around:
* Secure development practices, and integration into broader engineering activities.
* Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
* Product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS).
* Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
* Security design/architecture and threat modeling.
* Product vulnerability management lifecycle.
* Cryptography and cryptographic libraries.
* Secure operations practices, specifically with respect to cloud environments.
#J-18808-Ljbffr