HashiCorp is a fast-growing enterprise software company that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software. 

Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

The CorpSec team is a subset of the larger Security organization. We support the HashiCorp business by partnering closely with the IT, Security, and Engineering organizations to implement technical solutions to meet our security policies and compliance requirements. CorpSec is one layer in a multi-layered approach to protect the HashiCorp business through the use of technology. 

In this role, your responsibilities will include:

• Design, implement and monitor HashiCorp’s corporate information security controls and technologies
• Build and implement security processes and tools for risk reduction and mature corporate information security capabilities
• Identify, deploy, and improve existing and new internal security processes with automation enhancements and improvements
• Perform security review of HashiCorp’s corporate information assets
• Triage, respond to and investigate security incidents affecting business applications, SaaS applications and partner services
• Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
• Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
• Document security processes and standards
• Act as SME on multiple information security areas (e.g. endpoint security, email security and vulnerability management for endpoints.)
• Work closely with HashiCorp Information Technology team
• Support GRC and customer security requests as needed
• Assist Threat Detection/Response & Product Security teams

You may be a good fit if you have knowledge and experience around:

• We are looking for a talented engineer with 5+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!
• Modern information technology approaches and applications
• Securing productivity software and systems in a remote, cloud-first environment
• Strong experience in automation, coding, and scripting languages (such as Python, GoLang, Bash, JavaScript, etc.)
• Modern engineering practices, processes, and tools
• Security design / architecture and threat modeling
• Vulnerabilities (old and new), and options for defense / mitigation
• Familiarity with securing SaaS & cloud services running in Amazon AWS or Google Cloud Platform
• Experience with microservice architectures, or large distributed systems
• General understanding of security fundamental and security operations
• Understanding of security management, governance, risk, and compliance
• Experience with HashiCorp tools is a plus

#LI-AZ1

#LI-REMOTE