About the Role

We are looking for Security Engineering Interns to help scale our Infrastructure Security function, which works closely with engineering & product management to ensure that security is appropriately addressed across the HashiCorp products and services.

Security at HashiCorp is largely a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.

In this role, your responsibilities will include:

• Assist in designing, implementing and monitoring HashiCorp’s security controls and technologies.
• Apply knowledge gained in Computer Science or Security courses to real world challenges
• Develop scripts and tools to automate tasks
• Build and implement security processes and tools for risk reduction and mature prevention, detection and response capabilities
• Assist in performing security review of HashiCorp’s infra and tech supply chain
• Triage, Respond to and Investigate Security Incidents affecting Platform and Infra Services
• Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
• Assist with security incidents that the company may face in alignment with our response processes
• Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
• Document security processes and standards.
• Partner with subject matter experts on multiple information security areas (e.g. security architecture, security operations, CI/CD security etc.)
• Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs.
• Contribute to the creation and delivery of security trainings.
• Research emerging attack vectors and techniques.
• Support GRC and customer security requests as needed

We are looking for talented self-starters who want to learn about security engineering. We will consider engineers with less security-specific experience but the desire to learn!

You may be a good fit for our team if you...

• Are currently pursuing a bachelor's degree in engineering, information technology or equivalent training in the United States and returning back to school following completion of this internship
• Have some coding proficiency 
• Have fundamental knowledge in security, distributed systems, service oriented architectures or schedulers
• Have knowledge of modern engineering practices, processes, and tools.
• Have exposure to product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
• Want to learn secure operations practices, specifically wrt. cloud environments.
• Have basic understanding of application and infrastructure security testing methodologies and tools.
• Are interested in security design / architecture and threat modeling.
• Want to learn vulnerabilities (old and new), and options for defense / mitigation.
• Familiarity with securing cloud services running in Amazon AWS or Google Cloud Platform
• Want to gain experience with microservice architectures, or large distributed systems.
• Experience with HashiCorp tools is a plus!