VetJobs - The Leading Military Job Board

About the Role

We are looking for a Product Security Engineer specializing in Vulnerability Management to join our product security function. You will play a crucial role in building and extending existing tooling and processes to address vulnerabilities across multiple projects. Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

• Contribute to the development of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.

• Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio.

• Work across various R&D teams to prioritize security features and bugs, and ensure implementation and mitigations.

• Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk.

• Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)

• Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure.

• Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs.

• Research emerging attack vectors and techniques.

We are looking for talented self-starters with 4+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!

You may be a good fit if you have knowledge and experience around:

• Secure development practices, and integration into broader engineering activities.

• Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.

• Product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS).

• Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).

• Security design / architecture and threat modeling.

• Application and infrastructure security testing methodologies and tools.

• Vulnerabilities (old and new), and options for defense / mitigation.

• Product vulnerability management lifecycle.

• Security audits, penetration tests, and/or bug bounty programs.

• Cryptography and cryptographic libraries.

• Secure operations practices, specifically wrt. cloud environments.

#LI-AZ1

#LI-REMOTE

Individual pay within the range will be determined based on job related-factors such as skills, experience, and education or training.

The base pay range for this role in the SF Bay Area / NYC area is:

$212,500—$250,000 USD

The base pay range for this role in Seattle Metro, Denver / Boulder Metro, New York (excluding NYC), Washington D.C., or California (excluding SF Bay Area) is:

$194,700—$229,100 USD

The base pay range for this role in Colorado (excluding Denver / Boulder Metro) and Washington (excluding Seattle Metro) is:

$177,100—$208,300 USD