Senior Security Engineer
5d ago

HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-

critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application.

The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software.

We are looking for Security Engineers to help scale our Infrastructure Security function, which works closely with engineering & product management to ensure that security is appropriately addressed across the HashiCorp products and services.

This role will report initially to the CSO.

Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include :

  • Design, implement and monitor HashiCorp’s security controls and technologies.
  • Build and implement security processes and tools for risk reduction and mature prevention, detection and response capabilities
  • Perform security review of HashiCorp’s infra and tech supply chain
  • Triage, Respond to and Investigate Security Incidents affecting Platform and Infra Services
  • Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
  • Assist with security incidents that the company may face in alignment with our response processes
  • Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
  • Document security processes and standards.
  • Act as SME on multiple information security areas (e.g. security architecture, security operations, CI / CD security etc.)
  • Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs.
  • Contribute to the creation and delivery of security trainings.
  • Research emerging attack vectors and techniques.
  • Support GRC and customer security requests as needed
  • We are looking for talented self-starters with 5+ years of security experience. We will consider experienced engineers with less security-

    specific experience but the desire to learn!

    You may be a good fit if you have knowledge and experience around :

  • Modern engineering practices, processes, and tools.
  • Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
  • Secure operations practices, specifically wrt. cloud environments.
  • Application and infrastructure security testing methodologies and tools.
  • Security design / architecture and threat modeling.
  • Vulnerabilities (old and new), and options for defense / mitigation.
  • Familiarity with securing cloud services running in Amazon AWS or Google Cloud Platform
  • Experience with identity and access management concepts such as SAML federation, OAUTH and MFA
  • Experience with microservice architectures, or large distributed systems.
  • Experience with HashiCorp tools is a plus
  • HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills.

    We believe the more inclusive we are, the better our company will be. Interested, and think you might be a fit? Apply today!

    Add to favorites
    Remove from favorites
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form