Application Security Engineer

Application Security Engineer

This role has been designed as 'Onsite' with an expectation that you will primarily work from an HPE office.

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today's complex world. Our culture thrives on finding new and better ways to accelerate what's next. We value varied backgrounds and support work-life flexibility. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career, our culture will embrace you. Open up opportunities with HPE.

In the HPE Hybrid Cloud, we lead the innovation agenda and technology roadmap for all of HPE. This includes managing the design, development, and product portfolio of our next-generation cloud platform, Green Lake. Working with customers, we help them reimagine their information technology needs to deliver simple, consumable solutions that drive their business results. Join us to redefine what's next for you.

Responsibilities:

• Conduct thorough security assessments of applications, identifying vulnerabilities and weaknesses in code, architecture, and configurations.
• Collaborate closely with development teams to integrate security best practices into the software development lifecycle (SDLC) and ensure secure coding standards are followed.
• Perform regular security testing, including static code analysis, dynamic application scanning, and penetration testing, to identify and mitigate security risks.
• Analyze security incidents and provide timely response and remediation actions to mitigate potential threats.
• Develop and maintain security documentation, including security requirements, design documents, and security testing reports.
• Assist in the design and implementation of security controls and mechanisms to protect sensitive data and critical systems.
• Stay up-to-date with emerging security threats and industry best practices, and recommend security enhancements and controls accordingly.
• Provide security guidance and support to cross-functional teams, including developers, architects, and project managers.
• Participate in security reviews and audits, ensuring compliance with security policies, standards, and regulatory requirements.
• Collaborate with third-party vendors and partners to assess the security posture of integrated systems and applications.

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in application security, including hands-on experience with security testing tools and techniques.
• Strong understanding of web application security concepts, including OWASP Top 10 vulnerabilities and secure coding practices.
• Experience with security testing tools such as Burp Suite, OWASP ZAP, and code analysis tools like SonarQube, Checkmarx, Snyk.
• Proficiency in at least one programming language (e.g., Java, Python, JavaScript) and ability to review and understand code.
• Familiarity with software development methodologies (e.g., Agile, DevOps) and their impact on security practices.
• Excellent analytical and problem-solving skills, with attention to detail.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Certifications such as CISSP, CEH, or CASE (Java), or equivalent.

Desired Skills:

• Experience with cloud security principles and practices, including secure configuration management and IAM.
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and related security controls.
• Understanding of secure authentication mechanisms (e.g., OAuth, JWT) and encryption techniques.
• Participation in bug bounty programs, CTF competitions, or open-source security projects.
• Experience with scripting languages (e.g., Bash, PowerShell) for automation of security tasks and processes.

What you need to bring:

• Bachelor's degree in computer science, Information Technology, or related field.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Proven ability to work effectively in a fast-paced environment.
• Continuous learning mindset to stay updated with evolving security threats and technologies.

Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Release Management, Security-First Mindset, User Experience (UX)

Health & Wellbeing

We strive to provide our team members and their loved ones with benefits supporting their wellbeing.

Personal & Professional Development

We invest in your career growth with programs to help you reach your goals.

Unconditional Inclusion

We celebrate individual uniqueness and value diverse backgrounds. We offer flexibility to manage work and personal needs. We make bold moves together and are a force for good.

Follow @HPECareers on Instagram for updates on people, culture, and tech at HPE.

HPE is an Equal Employment Opportunity employer. We do not discriminate based on race, gender, or any protected category. Our goal is to be an inclusive environment where we can innovate and grow together. Please click here: Equal Employment Opportunity.