Manager, Product Security

JR104287

US - REMOTE

HashiCorp solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software. 

We are looking for a Product Security Manager to help scale our product security function, which works closely with engineering & product management to ensure that security is appropriately addressed across the HashiCorp suite of cloud and self-managed products. 

Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

• Oversee and contribute to product-specific and program-level security initiatives and activities being undertaken by members of the Product Security team.
• Work across various product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigations.
• Lead and grow a team of high-performing security engineers.
• Develop roadmaps, track progress, and evaluate team / functions performance
• Provide mentorship, support, and career development opportunities for team members and enable the team to scale.
• Be a subject matter authority and have strategic influence
• Assist leadership to develop strategic plans and long-term roadmaps
• Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk.
• Plan & oversee security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure.
• Manage design & implementation of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
• Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)

What you’ll need (basic qualifications)

• 6+ years of work experience in product security, application security, or broader security engineering areas
• Demonstrated managerial aptitude & leadership skills
• Ability to prioritize and track multiple projects in parallel
• Ability to engage with stakeholders and communicate asks / status / gaps
• Demonstrated technical experience across related security disciplines

While a managerial role, this is technically oriented and you broader skill set may include:

• Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
• Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
• Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
• Secure development practices, and integration into broader engineering activities.
• Secure operations practices, specifically wrt. cloud environments.
• Application and infrastructure security testing methodologies and tools.
• Security design / architecture and threat modeling.
• Vulnerabilities (old and new), and options for defense / mitigation.
• Product vulnerability management lifecycle.
• Security audits, penetration tests, and/or bug bounty programs.
• Cryptography and cryptographic libraries.

#LI-REMOTE