Senior Compliance Engineer, Security Controls & Compliance Operations
United States (Remote)
Applications have closed
HashiCorp
HashiCorp delivers consistent workflows to provision, secure, connect, and run any infrastructure for any application.About HashiCorp
At HashiCorp, we’re building a generation-defining infrastructure software company, powered by our core principles and a growing team of talented, committed professionals working together to help organizations seamlessly transition to and operate in the cloud. Founded in 2012 and headquartered in San Francisco, 85 percent of our employees work remotely, strategically distributed around the globe. From our inception we built the company with a remote-first approach because we believe talent has no boundaries.
At HashiCorp, we’re building a generation-defining infrastructure software company, powered by our core principles and a growing team of talented, committed professionals working together to help organizations seamlessly transition to and operate in the cloud. Founded in 2012 and headquartered in San Francisco, 85 percent of our employees work remotely, strategically distributed around the globe. From our inception we built the company with a remote-first approach because we believe talent has no boundaries.
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software.
We’re looking for a hands-on Senior Security Controls & Compliance Operations Engineer to drive automation across the security compliance context in a modern cloud environment and mature the HashiCorp Common Controls Framework with a focus on technical controls.
Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.
In this role, you will:
- Automate evidence collection for external security audits and internal control assessments
- Automate continuous monitoring, testing and reporting of security controls
- Automate common processes and tasks within GRC, such as user access reviews
- Work with Engineering, Product, IT, and other teams to improve the security and compliance postures of HashiCorp products, infrastructure, and processes
- Identify ways HashiCorp products can be used to meet compliance requirements, define those best practices, and work with internal teams to implement them
- Maintain and mature HashiCorp’s Common Controls Framework
- Map common controls to security frameworks, regulations, and internal policies, including SOC2, ISO 27001/17/18, PCI, HIPAA, FedRAMP, and others, with key focus on technical controls and the use of HashiCorp products to meet compliance requirements.
- Assist with other GRC activities as needed
You may be a good fit if you have knowledge and experience around:
- 4+ years of experience in or around security, with a focus on automation in modern cloud environments
- Developing tools / scripting in Python and/or Go
- Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
- Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
- Modern engineering practices, processes, and tools
- Infrastructure as code
- Compliance frameworks, standards, or control catalogs, such as SOC2, ISO 27001/17/18, PCI, HIPAA, and FedRAMP
We will consider experienced engineers with less security-specific experience, such as system administration with general exposure to security and compliance, but the desire to learn!
#LI-RR1
#LI-Remote
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.
For more information regarding how HashiCorp collects, uses, and manages personal information, please review our Privacy Policy.
Tags: Audits Automation AWS Azure Cloud Compliance FedRAMP GCP HIPAA IaaS ISO 27001 Monitoring Open Source PaaS Privacy Python SaaS Scripting SOC 2
Perks/benefits: Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Chief Information Security Officer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs