Security Engineer Intern

About the Role

We are looking for Security Engineering Interns to help scale our Infrastructure Security function, which works closely with engineering & product management to ensure that security is appropriately addressed across the HashiCorp products and services.

Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

• Assist in designing, implementing and monitoring HashiCorp’s security controls and technologies
• Apply knowledge gained in Computer Science or Security courses to real world challenges
• Develop scripts and tools to automate tasks
• Build and implement security processes and tools for risk reduction and mature prevention, detection and response capabilities
• Assist in performing security review of HashiCorp’s infra and tech supply chain
• Triage, Respond to and Investigate Security Incidents affecting Platform and Infra Services
• Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
• Assist with security incidents that the company may face in alignment with our response processes
• Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
• Document security processes and standards
• Partner with subject matter experts on multiple information security areas (e.g. security architecture, security operations, CI/CD security etc.)
• Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs
• Contribute to the creation and delivery of security trainings
• Research emerging attack vectors and techniques
• Support GRC and customer security requests as needed

We are looking for talented self-starters who want to learn about security engineering. We will consider engineers with less security-specific experience but the desire to learn!

You may be a good fit for our team if you...

• Are currently pursuing a bachelor's degree in engineering, information technology or equivalent training in the United States, with an anticipated graduation date of Fall 2023- Spring 2024
• Have some coding proficiency 
• Have basic understanding of application and infrastructure security testing methodologies and tools
• Are familiar with securing cloud services running in Amazon AWS or Google Cloud Platform
• Have fundamental knowledge in security, distributed systems, service oriented architectures or schedulers
• Have exposure to product / service architectures in modern cloud environments (IaaS, SaaS, PaaS)
• Want to learn secure operations practices, specifically wrt. cloud environments
• Are interested in security design / architecture and threat modeling
• Want to learn vulnerabilities (old and new), and options for defense / mitigation.
• Want to gain experience with microservice architectures, or large distributed systems.
• Experience with HashiCorp tools is a plus!

#LI-Remote