Application Security Engineer
- Spring, TX
We are seeking a Product Security consultant within Personal PC organization. We are looking for an innovative and motivated candidate who under general direction and with a high level of autonomy, will use extensive knowledge and skills obtained through education and experience to perform the services.
The candidate will be required to work on multiple products and must have the ability to develop and present secure solutions and remediation advice to leadership and technical teams. The candidate will be required to assess risks imposed by technical solutions and advise product teams of security standards, best practices and solutions to address risk, while maintaining security quality and customer satisfaction. This role can be performed by 100% remote location.
Primary responsibilities of this role are:
- Work closely with Business Team and product development team to:
- Drive Security Development Lifecycle activities (architecture review, threat modeling, security code reads)
- Align security solution to overall HP Inc. product.
- Certify the product HP Inc. ship are align with cyber security standard.
- Apply security throughout the product development lifecycle using Secure Development Lifecycle processes and techniques
- Gain and maintain a working knowledge of the HP Inc. portfolio of products.
- Continually review and enhance existing knowledge of security aspects of HP Inc. product sets and technologies.
- Partner with product development teams in order to remediate risks identified by Product Security.
- Capture Remediation data to provide dashboard and metrics to senior management
- Provide 'soft' consultancy skills and a proactive approach to earn the trust of product teams.
Requirements and Desirable Qualities:
- Strong engineering background preferred
- Application architecture experience preferred
- Advanced knowledge of Windows platforms
- Advanced knowledge of application mobile security tools
- Strong technical acumen securing software and hardware
- Excellent analytical and problem solving skills
- Good understanding of software development and working experience with any one of the higher level programing languages or scripting
- Typically 5 or more years of related work experience
- Experience leading security efforts and/or teams
- Good analytical and problem solving skills.
- Good communication skills
- Typically 7 or more years of related work experience
- Typically 5 years' experience in vulnerability research analyst, pen testing, security researcher, Windows, Linux.
- Strong engineering and development background in software are preferred.
- Open Source Contributor
- Strong knowledge to perform below tests:
- Penetration Testing
- Static Analysis/ Static Application Security Testing
- Vulnerability Assessment/Scanning
- Dynamic Analysis/Dynamic Application Security Testing (DAST)
- Malicious Software Analysis
- SDL (architecture review, code reads, threat modeling)
- CEH: Certified Ethical Hacker
- CCNP Security: Cisco Certified Network Professional Security
- GSEC / GCIH / GCIA: GIAC Security Certifications
- CISSP: Certified Information Systems Security Professional
Back to top