Senior Compliance Engineer, Security Controls & Compliance Operations

About HashiCorp

At HashiCorp, we’re building a generation-defining infrastructure software company, powered by our core principles and a growing team of talented, committed professionals working together to help organizations seamlessly transition to and operate in the cloud. Founded in 2012 and headquartered in San Francisco, 85 percent of our employees work remotely, strategically distributed around the globe. From our inception we built the company with a remote-first approach because we believe talent has no boundaries.

At HashiCorp, we’re building a generation-defining infrastructure software company, powered by our core principles and a growing team of talented, committed professionals working together to help organizations seamlessly transition to and operate in the cloud. Founded in 2012 and headquartered in San Francisco, 85 percent of our employees work remotely, strategically distributed around the globe. From our inception we built the company with a remote-first approach because we believe talent has no boundaries.

HashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. Our open source software is used by millions of users to provision, secure, connect, and run any infrastructure for any application. The Global 2000 uses our enterprise software to accelerate application delivery and drive innovation through software. 

We’re looking for a hands-on Senior Security Controls & Compliance Operations Engineer to drive automation across the security compliance context in a modern cloud environment and mature the HashiCorp Common Controls Framework with a focus on technical controls.

Security at HashiCorp is a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, you will:

• Automate evidence collection for external security audits and internal control assessments
• Automate continuous monitoring, testing and reporting of security controls
• Automate common processes and tasks within GRC, such as user access reviews
• Work with Engineering, Product, IT, and other teams to improve the security and compliance postures of HashiCorp products, infrastructure, and processes
• Identify ways HashiCorp products can be used to meet compliance requirements, define those best practices, and work with internal teams to implement them
• Maintain and mature HashiCorp’s Common Controls Framework
• Map common controls to security frameworks, regulations, and internal policies, including SOC2, ISO 27001/17/18, PCI, HIPAA, FedRAMP, and others, with key focus on technical controls and  the use of HashiCorp products to meet compliance requirements.
• Assist with other GRC activities as needed

You may be a good fit if you have knowledge and experience around:

• 4+ years of experience in or around security, with a focus on automation in modern cloud environments
• Developing tools / scripting in Python and/or Go
• Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
• Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
• Modern engineering practices, processes, and tools
• Infrastructure as code
• Compliance frameworks, standards, or control catalogs, such as SOC2, ISO 27001/17/18, PCI, HIPAA, and FedRAMP

We will consider experienced engineers with less security-specific experience, such as system administration with general exposure to security and compliance, but the desire to learn!

#LI-RR1

#LI-Remote

HashiCorp embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be.

For more information regarding how HashiCorp collects, uses, and manages personal information, please review our Privacy Policy.