Senior Security Developer
AUT01 - Poly West Parmer Lane (AUT01), United States
HP
Description -
Job Summary
• This role is responsible for designing, developing, testing, and maintaining security related firmware and software for collaboration devices. The role works closely with the security teams, product managers, and partners to fulfill critical security related tasks.
Responsibilities
- Develop and implement security architectures, designs, and strategies to improve product security.
- Conduct security assessments and vulnerability scans on network connected systems. Must have knowledge about Open-source tools used for SAST, SCA and DAST scans, like Veracode, SonarQube, BlackDuck, Snyk.
- Familiar with container security scanning and related tools.
- Investigate and respond to security incidents, breaches, and vulnerabilities. Experience with de-escalation techniques for customer issues.
- Knowledgeable in Linux-based intrusion detection/prevention systems and other security tools. Experience in implementing them for embedded devices would be a plus.
- Implement and monitor encryption, authentication, and access control systems to ensure compliance with security policies. Knowledge of encryption standards, ciphers, and algorithms like SHA-256 and SHA-512 is required.
- Collaborate with development teams to integrate security practices into the software development lifecycle (SDLC). Experience with implementing Secure SDLC for embedded devices is a huge plus!
- Perform risk assessments and threat modeling to identify and mitigate potential vulnerabilities. The ability to train development teams to assess risk vectors is needed.
- Provide recommendations for continuous improvement of security policies and procedures.
- Assist with the development and implementation of disaster recovery and business continuity plans.
- Bachelor's degree with 8 years of experience or Master's degree with 6 years of experience in Computer science, Information Technology, or a related field.
- Proven experience in cybersecurity, network security, or IT security.
- Strong knowledge of security tools and technologies, such as Veracode, BlackDuck, Snyk, SonarQube, SonarLite, etc.
- Experience with security frameworks and best practices (e.g., NIST, ISO 27001, CIS).
- Proficient in programming/scripting languages. C/C++ and Python must have; Java, Bash, PowerShell, etc. good to have.
- Solid understanding of networking protocols (TCP/IP, DNS, HTTP/S, etc.) and web application security (OWASP Top 10).
- Experience with security incident response, risk assessments, and vulnerability management tools.
- Strong problem-solving skills and ability to troubleshoot security issues under pressure.
- Experience with Linux based devices and popular operating systems, like AOSP.
- Experience with AOSP security stack and some of the key concepts like TrustZone, KeyStore, Vault, BoringSSL.
- Experience with integrating security chips on SoC with AOSP security stack, like Secure Element, TPM, etc.
- Experience with SSL, TLS versions, and Root of trust.
- Experience with X.509 Certificate validations, revocations like OCSP, CRLs.
Education & Experience Recommended
• Four-year or Graduate Degree in Computer Science, Information Systems, or any other related discipline or commensurate work experience or demonstrated competence.
• Typically has 7-10 years of work experience, preferably in Android/Linux programming, or a related field.
Preferred Certifications
• Programming Language/s Certification (C/C++, Python, Java, JavaScript, or similar)
• Security+
• CEH
• OSCE
• OSCP
Knowledge & Skills
• Software Development
• Software Engineering
• Agile Methodology
Cross-Org Skills
• Effective Communication
• Results Orientation
• Learning Agility
• Digital Fluency
• Customer Centricity
Impact & Scope
• Impacts function and leads and/or provides expertise to functional project teams and may participate in cross-functional initiatives.
Complexity
• Works on complex problems where analysis of situations or data requires an in-depth evaluation of multiple factors.
Disclaimer
• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.
The base pay range for this role is $120,000 to $160,000 annually with additional opportunities for pay in the form of bonus and/or equity (applies to US candidates only). Pay varies by work location, job-related knowledge, skills, and experience.
Benefits:
HP offers a comprehensive benefits package for this position, including:
- Health insurance
- Dental insurance
- Vision insurance
- Long term/short term disability insurance
- Employee assistance program
- Flexible spending account
- Life insurance
- Generous time off policies, including:
  - 4-12 weeks fully paid parental leave based on tenure
  - 11 paid holidays
  - Additional flexible paid vacation and sick leave (US benefits overview)
The compensation and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Job - Software
Schedule - Full time
Shift - No shift premium (United States of America)
Travel - Not Specified
Relocation - Yes
Equal Opportunity Employer (EEO) -
HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).
Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.
If you’d like more information about HP’s EEO Policy or your EEO rights as an applicant under the law, please click here: Equal Employment Opportunity is the Law Equal Employment Opportunity is the Law – Supplement