Senior Security Apps Engineer

Location(s):
Spring, Texas, United States of America
Bangalore, Karnataka, India
Category: Engineering
Job ID: 3065273
Posted: 1/8/2021 8:00:00 AM

About HP

At HP, talent is our criteria. Join us in reinventing the standard for diversity and inclusion. Bring your awesomeness, and just be you!

We’re reinventing technology to make life better for everyone, everywhere around the globe. From Personal Systems to Print, we’re engineering experiences that amaze. HP Global Digital Support is transforming the way our customers access support: from on-demand tools to our AI Bot, access to support and services is at our customers’ fingertips.

Join our team and share the vision.

Job Description

At HP, security is our priority, and delivering an exceptional customer experience that is safe and secure is what we do within the HP Customer Experience + Digital team. We’re looking for an experienced cybersecurity engineer with hands-on expertise in applications security. You will be responsible for defining and administering consistent software development lifecycles that expand our current security practices throughout the planning and delivery phases and mitigate our solutions’ security risk.

The successful candidate is passionate about security, has a very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities, is seasoned in implementing best-practice design and threat modeling, and can work in a dynamic environment. You will perform penetration testing and provide recommendations to developers on mitigations for all our client-based support solutions, including HP Support Assistant (MS Windows/Mobile versions), our gateway for supportability web services and our virtual bot service. You will primarily interface with software developers, partners and HP Global Cyber Security in producing secure code in short time frames.

Duties and Responsibilities

  • Work as part of a team of software and security engineers to design/maintain and build best-in-class product security tools and services
  • Work closely with DevOps to verify and respect best practices and security requirements
  • Drive security audits for solutions portfolio and engage with respective team members to ensure compliance
  • Technical point of contact for product teams as it relates to Product Application Security Operations
  • Analyzes vulnerabilities, attacks or threats to determine risk, adversary intent, and prioritize mitigation or response.
  • Owns resolution of HP security issues related to security vulnerabilities, incidents and threats.
  • Recommends containment, eradication, and recovery measures for any observed attack or breach. Combines industry expertise with a thorough understanding of information and security technology to direct development of vulnerability remediation or mitigation plans.
  • Build tools and automation scripts that enable developers to easily consume security services delivered by Global Cyber Security, Security Engineering and Automation team
  • Responsible for security product QA and Testing (Penetration Testing, Veracode etc…)
  • Build strong relationships with product development teams
  • Understand existing processes and identify how to improve and streamline them in order to improve team efficiency and effectiveness
  • Lead solutions security architecture reviews in collaboration with the assets team.
  • Provide recommendations, code review on implementation from a security perspective that minimizes attack surface
  • Provide technical guidance and educate team members and coworkers on security practices in development and operations
  • Brainstorm for new ideas and ways to improve security in our delivery
  • Document and design various processes; update existing processes related to security
  • Follow all best practices and procedures as established by company’s Global Cyber Security Team

Knowledge and skills – required:

  • 10+ years of applications/web security experience
  • Bachelor's degree in Computer Science or related field and 2-4 years of Software Development Experience
  • 2-3 Years of Experience in Web Application Security, SSDLC and Threat Modelling
  • Hands-on experience with Software Development in Java / C# / C++, JavaScript and HTML
  • MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
  • Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
  • Well versed in web application design, penetration testing, application risk assessment and risk categorization
  • Well versed (experience preferred) with driving and implementing secure development practices into the SDLC (SSDLC); ability to successfully integrate security into a developer's world
  • Success in implementing effective Secure SDLC frameworks across a large corporation.
  • Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning 
  • Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
  • Deep knowledge and experience in using SAST, DAST and fuzz testing tools
  • Highly effective communicator; well-honed influencing and negotiating skills
  • Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
  • Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams

Knowledge and skills – nice to have:

  • MS degree in Information System management / Computer Science / Information Security or a related technical discipline
  • Technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ICS)2, CompTIA, Cisco, CERT etc.
  • Experience with VisualStudioOnline/VisualStudioTeamServices
  • AWS services (API GW, VPC, SQS, Lambda, CloudFront, Kinesis)
  • Azure services (Compute, Storage, Security)
  • Experience with SoapUI, Selenium, Appium, or other testing frameworks
  • Agile/Scrum/DevOps methodologies 
  • Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models. 

Legal & EEO statements

Integrity at HP:

The Integrity at HP embody the fundamental principles that govern our ethical and legal obligations to HP. They pertain not only to our conduct within the company but also to conduct involving our customers, channel partners, suppliers and competitors. Read more about how we win the right way.

Equal Opportunity Employer (EEO):

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).


Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.


If you’d like more information about HP’s EEO Policy or your EEO rights as an applicant under the law, please see "Equal Employment Opportunity is the Law" and "Equal Employment Opportunity is the Law - Supplement".


Pay Transparency Nondiscrimination Provision: The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

Accessibility:

HP is committed to working with and providing reasonable accommodation to qualified individuals with physical and mental disabilities. If you need assistance in filling out the employment application or require a reasonable accommodation while seeking employment, please e-mail usaccomodation@hp.com. Note: This option is reserved for applicants needing a reasonable accommodation related to a disability.