Security Engineer, CorpSec

United States (Remote)

HashiCorp logo
Apply now Apply later

Posted 1 month ago

Security Engineer, CorpSec

HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software. 

Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

Our Team 

We know our users place a high level of trust in HashiCorp and the products we make to manage mission critical infrastructure. The security of customer data, of our products, and our services are a top priority. HashiCorp’s best-in-class security starts at the foundational level and includes internal threat models, routine internal and external security assessments, and secure software development.  

HashiCorp has a fully staffed team of security professionals dedicated to securing, protecting and improving the security of the company and its products. 

This Position

As a team member of the Corporate Information Security team, you will be designing, protecting and securing HashiCorp's corporate assets and infrastructure.

In this role, your responsibilities will include:

  • Design, implement and monitor HashiCorp’s corporate information security controls and technologies.
  • Build and implement security processes and tools for risk reduction and mature corporate information security capabilities.
  • Perform security review of HashiCorp’s corporate information assets.
  • Triage, respond to, and investigate security incidents affecting business applications, SaaS applications, and partner services.
  • Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate.
  • Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks.
  • Document security processes and standards.
  • Work closely with HashiCorp Information Technology team on collaborative initiatives. 
  • Support GRC and customer security requests as needed.
  • Assist other security teams as needed.

We are looking for talented self-starters with 3+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!

You may be a good fit if you have knowledge and experience around:

  • Modern information technology approaches and applications.
  • Modern engineering practices, processes, and tools.
  • Secure operations practices, specifically with regards to remote/distributed and cloud environments.
  • Security design / architecture and threat modeling.
  • Security testing and monitoring methodologies and tools.
  • Vulnerabilities (old and new), and options for defense / mitigation.
  • Familiarity with securing SaaS & cloud services running in Amazon AWS or Google Cloud Platform
  • Experience with identity and access management concepts such as SAML federation, OAuth and MFA
  • Experience with microservice architectures, or large distributed systems.
  • Experience with HashiCorp tools is a plus

About the Application Process

HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.  Interested, and think you might be a fit? Apply today!







Job tags: Architecture AWS Google Open Source SaaS Security assessments Vulnerabilities
Share this job: