Software Product Security Engineer 3
Software Product Security Engineer 3
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Description
We are seeking an experienced Application Security Engineer with a strong background in application security and pentesting to join our global team. In this role you will ensure the resiliency and security of our software systems and digital experiences. You will work closely with the crossfunctional teams to protect HPs software systems and data. You will focus on automating and improving the security aspects of our code development and deployment practices and leading the application security triage and prioritization processes.
You will:
- Work with developers to implement and maintain secure software development life cycle best practices to produce secure products and services.
- Contribute to the security hardening efforts and produce sensible baseline configurations for all applications and systems
- Perform application security penetration testing including managing the existing security tools in the CI/CD pipelines reviewing proposed project architectures initial threat modeling triage of the identified application security defects and the suggested fixes
- Implement and maintain DevOps security tools to perform SAST DAST SCA SBOM and vulnerability management.
- Work closely with the infrastructure and the DevOps teams to ensure consistent implementation of the security standards including the remediation of the identified gaps in the security posture
- Perform security reviews to make sure the secure code development practices culture is maintained across the organization
- Contribute to the bug bounty triage and remediation processes
You bring:
- Bachelors degree in Computer Science Information Technology or a related technical field
- 5 years of proven experience in AppSec (web API mobile) or a related role
- 3 years of experience in cloud environments (AWS preferred)
- Proficient in managing static and dynamic code analysis tools
- Familiar with the Infrastructure as Code and desired state concepts including tools such as Terraform Salt Chef Puppet etc.
- Knowledge of common attack vectors including OWASP Top 10
- Experience automating build and deployment infrastructure built on Kubernetes Docker etc.
- Experience in Python programming or other shell scripting languages
- Experience with CI/CD tools (e.g. Jenkins CircleCI) and version control systems (e.g. GitHub)
- Excellent problemsolving and communication skills
Skills:
- OWASP top 10
- NIST
- OSCP/CEH/CISSP/eJPT/eWPT (Certifications)
- Bug Bounty
- Web Security
- API Security
- Burp Suite
- Threat modelling
- Kali Linux
Preferred Qualifications:
- Indepth knowledge of containerization technologies (Docker) orchestration (Kubernetes) and infrastructure as code (Terraform).
- Proficiency in deploying monitoring and scaling containerized applications on AWS using EKS serverless and ensuring high availability and performance.
- Proficiency in application security assessments penetration testing red team purple team.
#LIPOST
Job
SoftwareSchedule
Full timeShift
No shift premium (India)Travel
Relocation
Equal Opportunity Employer (EEO)
HP Inc. provides equal employment opportunity to all employees and prospective employees without regard to race color religion sex national origin ancestry citizenship sexual orientation age disability or status as a protected veteran marital status familial status physical or mental disability medical condition pregnancy genetic predisposition or carrier status uniformed service status political affiliation or any other characteristic protected by applicable national federal state and local law(s).
Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.
If youd like more information about HPsEEO Policyor your EEO rights as an applicant under the law please click here:Equal Employment Opportunity is the LawEqual Employment Opportunity is the Law Supplement
Employment Type
Full-Time
