Application Security Engineer

Description -

We are seeking an experienced Application Security Engineer with a strong background in application security and pen-testing to join our global team. In this role, you will ensure the resiliency and security of our software systems and digital experiences. You will work closely with the cross-functional teams to protect HP’s software, systems, and data. You will focus on automating and improving the security aspects of our code development and deployment practices and leading the application security triage and prioritization processes. 

You will:

• Work with developers to implement and maintain secure software development life cycle best practices to produce secure products, and services.
• Contribute to the security hardening efforts and produce sensible baseline configurations for all applications and systems
• Perform application security penetration testing, including managing the existing security tools in the CI/CD pipelines, reviewing proposed project architectures, initial threat modeling, triage of the identified application security defects and the suggested fixes 
• Implement and maintain DevOps security tools to perform SAST, DAST, SCA, SBOM and vulnerability management.
• Work closely with the infrastructure and the DevOps teams to ensure consistent implementation of the security standards, including the remediation of the identified gaps in the security posture 
• Perform security reviews to make sure the secure code development practices culture is maintained across the organization
• Contribute to the bug bounty triage and remediation processes 

You bring:

• Bachelor's degree in Computer Science, Information Technology, or a related technical field 
• 5+ years of proven experience in AppSec (web, API, mobile) or a related role 
• 3+ years of experience in cloud environments (AWS preferred) 
• Proficient in managing static and dynamic code analysis tools
• Familiar with the Infrastructure as Code and “desired state” concepts, including tools such as Terraform, Salt, Chef, Puppet etc. 
• Knowledge of common attack vectors, including OWASP Top 10 
• Experience automating build and deployment infrastructure built on Kubernetes, Docker etc. 
• Experience in Python programming or other shell scripting languages 
• Experience with CI/CD tools (e.g., Jenkins, CircleCI) and version control systems (e.g., GitHub) 
• Excellent problem-solving and communication skills 

Skills:

• OWASP top 10
• NIST
• OSCP/CEH/CISSP/eJPT/eWPT (Certifications)
• Bug Bounty
• Web Security
• API Security
• Burp Suite
• Threat modelling
• Kali Linux

Preferred Qualifications: 

• In-depth knowledge of containerization technologies (Docker), orchestration (Kubernetes) and infrastructure as code (Terraform). 
• Proficiency in deploying, monitoring, and scaling containerized applications on AWS using EKS, serverless, and ensuring high availability and performance. 
• Proficiency in application security assessments, penetration testing, red team, purple team.

#LI-POST

Job -

Schedule -

Shift -

Travel -

Relocation -

Equal Opportunity Employer (EEO) - 

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

If you’d like more information about HP’s EEO Policy or your EEO rights as an applicant under the law, please click here: Equal Employment Opportunity is the Law Equal Employment Opportunity is the Law – Supplement