Security Expert

Security Expert

  

This role has been designed as ‘Hybrid’ with an expectation that you will work on average 2 days per week from an HPE office.

Who We Are:

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.

Job Description:

   

HPE Operations is our innovative IT services organization. It provides the expertise to advise, integrate, and accelerate our customers’ outcomes from their digital transformation. Our teams collaborate to transform insight into innovation. In today’s fast paced, hybrid IT world, being at business speed means overcoming IT complexity to match the speed of actions to the speed of opportunities. Deploy the right technology to respond quickly to market possibilities. Join us and redefine what’s next for you.

What you’ll do:

· As the lead Vulnerability Analyst for HPE’s Digital Experience Development team, you will research, design, and perform penetration testing to identify vulnerabilities and strengthen security measures across our entire portfolio of web applications, web service APIs, and third-party services.

· Direct and coordinate the implementation of test automation and other test tools (security, quality etc.)

· Develop and utilize security metrics to assess security performance trends.

· You will be involved in mentoring younger members of the team in the security testing domain.

· Your typical day will involve the plan, execution and documentation of a security assessment of one of our solutions. You work with related developers in a white-box assessment and can directly influence the security of our future solutions.

· As a Security engineer for HPE’s Digital Experience Development team, you will be working as the recognized authority and bring relevant subject matter expertise on application security strategy, architecture and roadmaps, review application architectures, code and system services from a security perspective.

· Drive assessment, operationalization and adoption of new technologies, platforms and tools.

· You will contribute to key innovations across complex product specs and architectures to be successful.

· Influence and lead cross-functional teams and projects that affect organizational long-term goals and objectives.

· Your typical day will involve developing and working on security testing methodologies based on standards, best practices and industry research, active code review. You will contribute to a secure CI/CD pipeline. You strive for excellence in execution in delivering high quality software releases in a SAFe agile environment.

· Review and evaluate designs, project activities to ensure standards compliance and provides tangible feedback to improve security, product quality and mitigate failure risk.

· You contribute to the creation and maintenance of custom security specifications for the HPE’s Digital Experience Development team, refining or extending HPE’s cyber security policies, standards and specifications.

· You understand secure software development and work across engineering teams to ensure that secure design principles are integrated into the organizational software development model.

· You are a recognized security expert and bring business acumen to influence decisions of HPE’s executive business leadership and outsourced development partners.

· You enjoy providing guidance and mentoring to less-experienced staff members to set an example of secure software systems design, innovation and excellence.

· You understand DevOps life cycles and what it takes to build and test a product for the cloud with customer experience at the heart of it.

· Have worked in an Agile / SCRUM methodology to organize and execute projects.

· Have experience working as a penetration tester evaluating weaknesses across complex environments.

What you need to bring:

· Bachelor's or Master's degree in Computer Science, Information Systems, or equivalent.

· Typically 8+ years’ experience. Working experience in product security is highly required for this role.

· Working experience in Penetration testing with tools in Kali Linux or similar.

· Experience with Web Application Security Testing (Tools: Burp, OWASP ZAP etc.).

· Experience with Vulnerability Assessment (Tools: nmap, Nexpose or Nessus, Fierce, Wireshark etc.)

· You have experience with software testing methodologies, including writing and execution of test plans, debugging, and testing scripts/tools, testing REST APIs with a knowledge of automation framework development, integrate automated workflows into Jenkins for continuous runs.

· Experience designing and developing software systems design tools and languages

· You have experience determining security requirements of applications & services.

· Experience evaluating test strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing test strategy.

· Ability to effectively communicate product security, architectures, design proposals and negotiate options at business unit and executive levels.

· Should know standards of coding (e.g. Java, API’s, Full stack, Apex etc.) and able to learn new coding language to perform active secure code review.

· Proven Experience in Comprehensive Application Threat Analysis (CATA), ability to perform threat modelling and establish procedures to conduct security requirements gap analysis

· OWASP Top 10 understanding is a must.

· Good to have certifications CISSP, CEH, Comptia Security+, OSCP. (Any one is fine)

· Good understanding of customer centric workflows

· Self-motivated and can deliver on tight schedules with minimal supervision

· Excellent analytical, logical problem-solving skills.

· Excellent written and verbal communication skills.

· Self-driven, highly motivated and a passion to learn newer technologies and enhance existing systems for efficiencies and robustness.

· History of innovation with multiple patents or deployed solutions in the field of automation/software design/related areas.

· Independent with strong sense of ownership and urgency.

· An appetite for learning and staying updated on latest technology trends and industry standards.

· Thrives in ambiguity.

Additional Skills:

Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Security-First Mindset, Solutions Design, Testing & Automation, User Experience (UX)

What We Can Offer You:

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Let's Stay Connected:

Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.

#india

#operations

Job:

Engineering

Job Level:

TCP_04

    

HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity.

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

   

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.