Senior Security Engineer, CorpSec

About HashiCorp

At HashiCorp, we build the infrastructure that enables innovation. Our suite of multi-cloud infrastructure automation products are the underpinnings of the largest enterprises in the world, who rely on our solutions to provision, secure, connect, and run their critical applications to deliver crucial services, communications tools, and entertainment platforms to the world. We’re building a once-in-a-generation infrastructure company with a unique approach: rather than focusing on specific technologies, we build products and solutions that support real-world workflows spanning the multiple cloud environments that nearly every organization worldwide is using today.

HashiCorp is a fast-growing enterprise software company that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software. 

Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

• Design, implement and monitor HashiCorp’s corporate information security controls and technologies.
• Build and implement security processes and tools for risk reduction and mature corporate information security capabilities.
• Triage, respond to, and investigate security incidents affecting business applications, SaaS applications, and partner services.
• Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks.
• Identify and deploy internal process and automation improvements. 
• Provide subject matter expertise on authentication and systems security with a focus on Corporate technologies and SaaS applications. 
• Build and implement security processes and tools for risk reduction and mature corporate information security capabilities.
• Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate.
• Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks.
• Support GRC and customer security requests as needed.

We are looking for talented self-starters with 3+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!

You may be a good fit if you have knowledge and experience around:

• Secure operations practices, specifically with regards to remote/distributed and cloud environments.
• Security design / architecture and threat modeling.
• Security testing and monitoring methodologies and tools.
• Vulnerabilities (old and new), and options for defense / mitigation.
• Familiarity with securing SaaS & cloud services running in Amazon AWS or Google Cloud Platform
• Experience in managing and maintaining identity and access management, SAML Federation, OAuth and MFA solutions. 
• Experience with application design, integration and deployment in an integrated global IT environment. 
• Experience with Crowdstrike EDR
• Experience with Proofpoint
• Experience with HashiCorp Vault and Terraform a plus. 

#LI-RR1

#LI-Remote

HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.

For more information regarding how HashiCorp collects, uses, and manages personal information, please review our Privacy Policy.