Application Security and Ethical Hacker
As an AppSec Engineer and Ethical Hacker at HashiCorp, you will be an agent for change as you hunt threats and vulnerabilities and train our engineers to prevent them. Working directly with the Head of Global Security, you will be part of a growing team to improve our security posture through penetration testing, social engineering, and regular hands-on and simulated training across every vertical in the company.
Building our adversarial security testing team, you will have a chance to work closely with engineering, product and operations teams to provide training and tools and to encourage accountability in a positive way, building strong security advocates in each department. You should be passionate about helping our partners understand why security matters, balancing an unforgiving need to manage risks with pragmatism and empathy to help our peers be secure and successful.
We want you to:
- Be a security subject matter expert on applying adversarial tools and techniques in a safe and controlled manner
- Deliver concise, impactful presentations and reports on threats, test findings and recommendations to broad audiences
- Develop useful patterns and techniques to help other teams proactively identify and prevent security issues
- Partner with our open source teams to ensure community Pull Requests don’t introduce new defects
- Work with the Product teams to maintain and communicate threat models with Engineering for each of our enterprise products
- Conduct manual penetration tests against our open source and enterprise products
- Partner with other teams during Incident Response, digital forensics and table-top activities
- Develop and lead training exercises to improve our engineers’ security knowledge
- Collaborate on social engineering and corporate security tests to keep teams engaged
- Hunt threats and new attack vectors for our tools, our employees, our customers and the HashiCorp community
- Build or implement open source and third party tools to support detection, prevention and analysis of current and future security threats
- Guide teams with clear instructions to reduce risks through small, simple changes
- Be creative in finding ways to educate and influence change in a positive way
More about you:
- You have 7+ years in information security, secure development and penetration testing
- You have strong opinions on the pros and cons of different approaches to application security and penetration testing
- You’re comfortable writing code in languages like Go, Ruby, Python and Node.js
- You have experience with digital forensics in a geographically distributed company
- You’re great at being offensive to systems without offending people
- You’re happier and more productive managing your own time
- You are excited to simplify and automate complex processes
- You can quickly explain security concepts to different audiences
Industry certifications such as the OCSE, CASE, and GPEN are strongly preferred. A degree, other industry certifications and open courseware classes are a plus, but not required. Have something else you’d like to share? We’d love to see any publications, projects, open source contributions and presentations.
HashiCorp is an equal opportunity employer. We celebrate diversity and are committed to building an inclusive environment for all employees.
Did we miss something?
Do you believe you'd be a great fit for this role, but the description above doesn't quite match your skills or experience? We'd still like to hear from you.