Image Loading

Product Security Engineer

Job Description

We are looking for Product Security Engineers to help scale our product security function, which works closely with Research & Development teams to ensure that security is appropriately addressed across the HashiCorp suite of cloud and self-managed products.  

We are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

  • Contribute to secure architecture and design of HashiCorp products.
  • Partner with R&D teams to prioritize security features and bugs, and ensure implementation and mitigations.
  • Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations, and assess/communicate associated risks.
  • Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure.
  • Build and implement security solutions across the product lifecycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
  • Act as SME in multiple information security areas (e.g. security architecture, application security, threat modeling etc.)
  • Assist in the execution of 3rd-party audits, penetration tests, and bug bounty programs.
  • Contribute to the creation and delivery of security training.
  • Research emerging attack vectors and techniques.

We are looking for talented self-starters with 6+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!

You may be a good fit if you have knowledge and experience around:

  • Product/service architectures in modern cloud environments (IaaS, SaaS, PaaS).
  • Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
  • Secure development practices, and integration into broader engineering activities.
  • Secure operations practices, specifically wrt. cloud environments including Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP)..
  • Application and infrastructure security testing methodologies and tools.
  • Security design/architecture and threat modeling.
  • Vulnerabilities (old and new), and options for defense/mitigation.
  • Product vulnerability management lifecycle.
  • Security audits, penetration tests, and/or bug bounty programs.
  • Cryptography and cryptographic libraries.

Skills

  • Security Architecture Design
  • Threat Modeling
  • GO
  • Cloud platform
  • Security Testing

Education

  • Master's Degree
  • Bachelor's Degree

Job Information

Job Posted Date

Mar 10, 2025

Experience

4 to 8 Years

Compensation (Annual in Lacs)

Best in the Industry

Work Type

Permanent

Type Of Work

8 hour shift

Category

Information Technology

Copyright © 2022 All Rights Reserved. Saas Talent