Engineering Manager, Product Security

Job description

Manager, Product Security

JR104287

US - REMOTE

HashiCorp solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software.

We are looking for a Product Security Manager to help scale our product security function, which works closely with engineering & product management to ensure that security is appropriately addressed across the HashiCorp suite of cloud and self-managed products.  This role will report to our Director of Product Security.

Security at HashiCorp is a remote team. While prior experience working remotely isn’t required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

• Oversee and contribute to product-specific and program-level security initiatives and activities being undertaken by members of the Product Security team.
• Work across various product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigations.
• Lead and grow a team of high-performing security engineers.
• Develop roadmaps, track progress, and evaluate team / functions performance
• Provide mentorship, support, and career development opportunities for team members and enable the team to scale.
• Be a subject matter authority and have strategic influence
• Assist leadership to develop strategic plans and long-term roadmaps
• Monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk.
• Plan & oversee security assessments (dynamic testing, static testing, code review, etc) and threat modeling of HashiCorp’s products, services, and associated cloud infrastructure.
• Manage design & implementation of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
• Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)

What you’ll need (basic qualifications)

• 6+ years of work experience in product security, application security, or broader security engineering areas
• Demonstrated managerial aptitude & leadership skills
• Ability to prioritize and track multiple projects in parallel
• Ability to engage with stakeholders and communicate asks / status / gaps
• Demonstrated technical experience across related security disciplines

While a managerial role, this is technically oriented and you broader skill set may include:

• Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
• Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
• Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
• Secure development practices, and integration into broader engineering activities.
• Secure operations practices, specifically wrt. cloud environments.
• Application and infrastructure security testing methodologies and tools.
• Security design / architecture and threat modeling.
• Vulnerabilities (old and new), and options for defense / mitigation.
• Product vulnerability management lifecycle.
• Security audits, penetration tests, and/or bug bounty programs.
• Cryptography and cryptographic libraries.

#LI-REMOTE

Individual pay within the range will be determined based on job related-factors such as skills, experience, and education or training.

The base pay range for this role in the SF Bay Area / NYC area is:

$208,300—$245,000 USD

The base pay range for this role in California (excluding SF Bay Area), New York (excluding NYC), Seattle Metro, Denver / Boulder Metro, Washington D.C., or Maryland is:

$190,900—$224,600 USD

The base pay range for this role in Colorado (excluding Denver / Boulder Metro), Illinois, Minnesota, or Washington (excluding Seattle Metro) is:

$173,600—$204,200 USD

“HashiCorp is an IBM subsidiary which has been acquired by IBM and will be integrated into the IBM organization. HashiCorp will be the hiring entity. By proceeding with this application you understand that HashiCorp will share your personal information with other IBM subsidiaries involved in your recruitment process, wherever these are located. More information on how IBM protects your personal information, including the safeguards in case of cross-border data transfer, are available here: link to IBM privacy statement .”