Security Director, Red Team
Security Engineering Director, Red Team
HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We build tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines, Windows, and Linux, SaaS and IaaS, etc. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software.
We're looking for an Security Engineering Director / Manager to build a Red Team from ground up. This role will report directly to our Chief Security Officer. This team will help HashiCorp through vulnerability discovery, disclosure and mitigation in our products, services, infrastructure and ecosystem. This role presents a unique opportunity of building and running a team with high visibility across HashiCorp, its customers and partners.
As the leader of our Red Team, you’ll be responsible for ensuring that HashiCorp's products, services and processes are continuously tested and ready for an attack from threat actors. You’ll be guiding the team to focus on the systems, services and processes that protect HashiCorp’s most valuable resources, communicate with leadership, engineering teams, and outside stakeholders as needed. This team will design and build adversary-focused engagements. This position requires strong people management experience, deep technical security knowledge and hands on strategic leadership in building a world class Red Team organization.
Engineering at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be
In this role, your responsibilities will include:
- Build and lead a high-performing and motivated offensive security team.
- Develop roadmaps, track progress, and evaluate team / functions performance
- Provide mentorship, support, and career development opportunities for team members and enable the team to scale.
- Be a subject matter authority and have strategic influence
- Demonstrated experience in leading vulnerability research, penetration testing, reverse engineering, application and infrastructure security.
- Assist CSO & other leadership to develop strategic plans and long-term roadmaps
- Partner with other engineering teams to address challenges related to a broad spectrum of threat actors.
- Conduct attacks and emulate attack campaigns to mimic adversarial tactics, techniques and procedures.
- Design / conduct table top scenarios for security incidents, business continuity and disaster recovery
- Research emerging attack vectors and techniques
- Design / conduct CTF exercises for training and awareness of security and operational teams
- 10+ years of work experience in security engineering disciplines, including 5+ years of proven hands-on technical management experience of security engineers and engineering managers
- Expert knowledge of Application, Web and Network penetration testing techniques
- Application analysis (fuzzing, reverse engineering, code analysis)
- Demonstrated technical experience across related security disciplines e.g. intrusion detection and response, network security, infrastructure security, etc
- Familiarity with securing cloud services running in Modern Cloud environments
- Ability to prioritize and track multiple projects in parallel
- Experience building out high performing security teams
- Previous experience leading Red Teams.
- Published Security advisories, vulnerability research and bug bounties
- Experience implementing and scaling security programs in a startup environment
- Speaking / publishing in Tier 1 security conferences
HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.
Apply for this Job
Did we miss something?
Do you believe you'd be a great fit for this role, but the description above doesn't quite match your skills or experience? We'd still like to hear from you.
Subscribe to our monthly newsletter to get the latest news and product updates.