Product Security Engineer, Programs Team

Canada - Ontario

We are looking for a Security Engineer with development experience to join our Product Security function. You will play a crucial role in building and extending existing tooling and processes to address vulnerabilities across multiple projects.

Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.

In this role, your responsibilities will include:

  • Primarily, contribute to the development of security solutions across the product life-cycle, such as standalone security tools, “shift left” CI/CD pipeline components, security solution integrations, product security features/fixes, etc. You will be working on tooling to support other Product Security team members and the HashiCorp R&D organization more broadly.
  • Secondarily, support other Product Security teams in efforts to monitor threats and vulnerabilities impacting HashiCorp products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk. Identity and explore opportunities to strengthen these efforts with tooling / automation.
  • Contribute to secure architecture and design of HashiCorp products, across our cloud, self-managed, and community product portfolio.

We are looking for talented self-starters with 4+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!

You may be a good fit if you have knowledge and experience around:

  • Secure development practices, and integration into broader engineering activities.
  • Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
  • Product and service architectures in modern, multi-tenant cloud environments (IaaS, SaaS, PaaS).
  • Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
  • Security design / architecture and threat modeling.
  • Product vulnerability management lifecycle.
  • Cryptography and cryptographic libraries.
  • Secure operations practices, specifically with respect to cloud environments.


Individual pay within the range will be determined based on job related-factors such as skills, experience, and education or training.

The base pay range for this role is:$134,300—$158,000 CAD Apply