Product Security Engineer II

@ IBM

Introduction

A career in IBM Software means you'll be part of a team transforming customer challenges into industry-leading solutions. You will join an infinitely curious team dedicated to creating AI-powered, cloud-native software solutions that enable exceptional client experiences.

About the Team

The Product Security Platform Partnerships team comprises security engineers ensuring that HashiCorp, now part of IBM, delivers secure software. The team works closely with product engineering teams on secure code practices, design review, threat modeling, and vulnerability management.

Your Role and Responsibilities

• Contribute to the secure architecture and design across HashiCorp products.
• Collaborate with multiple R&D teams to prioritize and implement security features and mitigations.
• Monitor threats and vulnerabilities, triaging reports and communicating risks.
• Serve as a subject matter expert in security architecture, application security, and threat modeling.
• Plan and execute security assessments, dynamic and static testing, and code reviews.
• Assist with 3rd-party audits, penetration tests, and bug bounty programs.
• Develop security solutions, integrations with CI/CD, and product security enhancements.
• Deliver security training and research emerging attack vectors.

Preferred and Required Expertise

Education: Bachelor's Degree preferred.

Experience: Over 4 years in security including secure development, threat modeling, and vulnerability management in cloud environments (AWS, Azure, GCP). Knowledge in authentication, identity management, cryptography, and application/infrastructure security testing is required. Preferred skills include familiarity with modern engineering practices and the Go programming language.

Key skills/competency

• Cloud Security
• Threat Modeling
• Vulnerability Management
• Secure Architecture
• Risk Assessment
• Penetration Testing
• CI/CD Integration
• Cryptography
• Security Training
• Cloud Platforms