Application Security Lead Engineer

Application Security Lead Engineer

Description -

We are seeking a highly skilled Application Security lead engineer/architect with a strong background in cloud software service management and application security to join our global team. In this role, you will play a crucial part in ensuring the reliability, scalability, and security of our software systems and digital experiences. You will work closely with the cross-functional teams to protect  HP’s software, systems, and data. You will focus on automating and improving the security aspects of our code development and deployment practices as well as leading the application security triage and prioritization processes. 

You will:

• Design, implement, and maintain infrastructure as code solutions for managing and protecting cloud resources, ensuring scalability, resilience and security 
• Contribute to the security hardening efforts and produce sensible baseline configurations for all applications and systems
• Lead the application security processes, including managing the existing security tools in the CI/CD pipelines, reviewing proposed project architectures, initial threat modeling, triage of the identified application security defects and the suggested fixes 
• Work closely with the development teams to promote best application security practices 
• Work closely with the infrastructure and the DevOps teams to ensure consistent implementation of the security standards, including the remediation of the identified gaps in the security posture 
• Perform security reviews to make sure the secure code development practices culture is maintained across the organization
• Contribute to the bug bounty triage and remediation processes 

You bring:

• Bachelor's degree in computer science, Information Technology, or a related technical area 
• 8+ years of proven experience in Appsec (web, api, mobile) or related role 
• 4+ years of experience in cloud environments. (AWS preferred) 
• Proficient in managing static & dynamic code analysis tools
• Familiar with the Infrastructure as Code and “desired state” concepts including tools such as Terraform, Salt, Chef, Puppet etc 
• Knowledge of common attack vectors including OWASP Top 10 
• Experience in automating build and deployment infrastructure built on Kubernetes, Docker etc. 
• Experience in python programming or other shell scripting language 
• Experience with CI/CD tools (e.g., Jenkins, CircleCI) and version control systems (e.g., GitHub) 
• Excellent problem-solving and communication skills 

Preferred Qualifications: 

• In-depth knowledge of containerization technologies (Docker), orchestration (Kubernetes) and infrastructure as code (Terraform) 
• Proficiency in deploying, monitoring, and scaling containerized applications on AWS using EKS, serverless, and ensuring high availability and performance 
• Proficiency in application security assessments, penetration testing, red team, purple team 

Job -

Data & Information Technology

Schedule -

Full time

Shift -

No shift premium (India)

Travel -

Relocation -

Equal Opportunity Employer (EEO) - 

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

If you’d like more information about HP’s EEO Policy or your EEO rights as an applicant under the law, please click here: Equal Employment Opportunity is the Law Equal Employment Opportunity is the Law – Supplement