Job Description

Locations

• Multiple Locations, India (Remote)

Salary

Skills Required

• Secure development practicesintermediate
• Security design / architectureintermediate
• Threat modelingintermediate
• Product and service architecturesintermediate
• Amazon Web Services (AWS)intermediate
• Microsoft Azureintermediate
• Google Cloud Platform (GCP)intermediate
• Secure operations practicesintermediate
• Authentication and Identity managementintermediate
• SAMLintermediate
• SSOintermediate
• OIDCintermediate
• SCIMintermediate
• Application and infrastructure security testing methodologies and toolsintermediate
• Vulnerabilitiesintermediate
• Product vulnerability management lifecycleintermediate
• Cryptographyintermediate
• Cryptographic primitivesintermediate
• Written and verbal communicationintermediate
• Modern engineering practicesintermediate
• Go programming languageintermediate
• Application security topicsintermediate

Required Qualifications

• 8-10+ Years of Security experience (experience)
• Secure development practices, and integration into broader engineering activities (experience)
• Security design / architecture and threat modeling (experience)
• Product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS) (experience)
• Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP) (experience)
• Secure operations practices, specifically in cloud environments (experience)
• Authentication and Identity management (e.g. SAML, SSO, OIDC, SCIM, etc) security best practices (experience)
• Application and infrastructure security testing methodologies and tools (experience)
• Vulnerabilities (old and new), and options for defense / mitigation (experience)
• Product vulnerability management lifecycle (experience)
• Working with and/or supporting product engineering teams (experience)
• Security audits, penetration tests, and/or bug bounty programs (experience)
• Cryptography and cryptographic primitives (experience)
• Strong written and verbal communication skills (experience)

Preferred Qualifications

• Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem (experience)
• Knowledge of application security topics, a pragmatic approach to security, and the ability to empathize with engineers and product managers across the company (experience)

Responsibilities

• Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio
• Work across various R&D teams to prioritize security features and bugs, and ensure implementation and mitigations
• Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk
• Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling, etc.)
• Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure
• Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs
• Contribute to the development of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc
• Contribute to the creation and delivery of security training
• Research emerging attack vectors and techniques

Benefits

• general: Opportunity to learn and develop career
• general: Encouragement to be courageous and experiment everyday
• general: Continuous trust and support in an environment where everyone can thrive
• general: Growth minded culture, always staying curious, open to feedback and learning new information and skills
• general: Trusted to provide on-going feedback to help other IBMers grow
• general: Collaborative team focused approach
• general: Equal-opportunity employment
• general: Commitment to compliance with fair employment practices

Tags & Categories