Sr. Security Engineer - Vulnerability Management

 Published 13 days ago
    
 Canada
Apply Now Please mention DailyRemote when applying

Disclaimer: Before you apply, please make sure the job is legit.

Attempting to apply for jobs might take you off this site to a different website not owned by us. Any consequence as a result for attempting to apply for jobs is strictly at your own risk and we assume no liability.

About the Role 

We are looking for a Product Security Engineer specializing in Vulnerability Management to join our product security function. You will play a crucial role in building and extending existing tooling and processes to address vulnerabilities across multiple projects. Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

  • Contribute to the development of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
  • Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio.
  • Work across various R&D teams to prioritize security features and bugs, and ensure implementation and mitigations.
  • Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk.
  • Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)
  • Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure.
  • Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs.
  • Research emerging attack vectors and techniques.

We are looking for talented self-starters with 4+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!


You may be a good fit if you have knowledge and experience around:

  • Secure development practices, and integration into broader engineering activities.
  • Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
  • Product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS).
  • Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
  • Security design / architecture and threat modeling.
  • Application and infrastructure security testing methodologies and tools.
  • Vulnerabilities (old and new), and options for defense / mitigation.
  • Product vulnerability management lifecycle.
  • Security audits, penetration tests, and/or bug bounty programs.
  • Cryptography and cryptographic libraries.
  • Secure operations practices, specifically wrt. cloud environments.

#LI-AZ1

#LI-REMOTE

Ace Your Job Interview

Read our advice on how to answer the most common interview questions.