**About the Role** We are looking for Product Security Engineers to help scale our product security function, which works closely with Research & Development teams to ensure that security is appropriately addressed across the HashiCorp suite of cloud and self-managed products. This role will report to a Product Security manager. Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy. **In this role, your responsibilities will include:** + Contribute to secure architecture and design of HashiCorp products. + Partner with R&D teams to prioritize security features and bugs, and ensure implementation and mitigations. + Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations, and assess/communicate associated risks. + Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure. + Build and implement security solutions across the product lifecycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc. + Act as SME in multiple information security areas (e.g. security architecture, application security, threat modeling etc.) + Assist in the execution of 3rd-party audits, penetration tests, and bug bounty programs. + Contribute to the creation and delivery of security training. + Research emerging attack vectors and techniques. We are looking for talented self-starters with 4+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn! **You may be a good fit if you have knowledge and experience around:** + Product/service architectures in modern cloud environments (IaaS, SaaS, PaaS). + Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem. + Secure development practices, and integration into broader engineering activities. + Secure operations practices, specifically wrt. cloud environments including Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).. + Application and infrastructure security testing methodologies and tools. + Security design/architecture and threat modeling. + Vulnerabilities (old and new), and options for defense/mitigation. + Product vulnerability management lifecycle. + Security audits, penetration tests, and/or bug bounty programs. + Cryptography and cryptographic libraries. #\#LI-AD1\#LI-Hybrid