About the Role
We are looking for Security Engineering Interns to help scale our Infrastructure Security function, which works closely with engineering & product management to ensure that security is appropriately addressed across the HashiCorp products and services.
Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.
In this role, your responsibilities will include:
- Assist in designing, implementing and monitoring HashiCorp’s security controls and technologies
- Apply knowledge gained in Computer Science or Security courses to real world challenges
- Develop scripts and tools to automate tasks
- Build and implement security processes and tools for risk reduction and mature prevention, detection and response capabilities
- Assist in performing security review of HashiCorp’s infra and tech supply chain
- Triage, Respond to and Investigate Security Incidents affecting Platform and Infra Services
- Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
- Assist with security incidents that the company may face in alignment with our response processes
- Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
- Document security processes and standards
- Partner with subject matter experts on multiple information security areas (e.g. security architecture, security operations, CI/CD security etc.)
- Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs
- Contribute to the creation and delivery of security trainings
- Research emerging attack vectors and techniques
- Support GRC and customer security requests as needed
We are looking for talented self-starters who want to learn about security engineering. We will consider engineers with less security-specific experience but the desire to learn!
You may be a good fit for our team if you...
- Are currently pursuing a bachelor's degree in engineering, information technology or equivalent training in the United States, with an anticipated graduation date of Fall 2023- Spring 2024
- Have some coding proficiency
- Have basic understanding of application and infrastructure security testing methodologies and tools
- Are familiar with securing cloud services running in Amazon AWS or Google Cloud Platform
- Have fundamental knowledge in security, distributed systems, service oriented architectures or schedulers
- Have exposure to product / service architectures in modern cloud environments (IaaS, SaaS, PaaS)
- Want to learn secure operations practices, specifically wrt. cloud environments
- Are interested in security design / architecture and threat modeling
- Want to learn vulnerabilities (old and new), and options for defense / mitigation.
- Want to gain experience with microservice architectures, or large distributed systems.
- Experience with HashiCorp tools is a plus!
#LI-Remote