Product Security Compliance - Senior Security SW and System Engineer

Product Security Compliance - Senior Security SW and System Engineer

  

This role has been designed as ‘Hybrid’ with an expectation that you will work on average 2 days per week from an HPE office.

Job Description:

   

As part of our HPE Operations Product Security Compliance Testing Lab the Senior Security Engineer will be responsible for the design, development and implementation of security solutions to enhance product security.   Scope includes design, development of product security tests, and the development of automated solutions and tools to improve efficiency of testing processes.

Job Family Definition:

Designs, develops, troubleshoots and debugs software programs for software enhancements and new products. Develops software including operating systems, compilers, routers, networks, utilities, databases and Internet-related tools. Determines hardware compatibility and/or influences hardware design.

Management Level Definition:

Contributions impact technical components of HPE products, solutions, or services regularly and sustainable. Applies advanced subject matter knowledge to solve complex business issues and is regarded as a subject matter expert. Provides expertise and partnership to functional and technical project teams and may participate in cross-functional initiatives. Exercises significant independent judgment to determine best method for achieving objectives. May provide team leadership and mentoring to others.

Responsibilities:

• Leads multiple security and automation project teams of other software systems engineers and internal and outsourced development partners responsible for all stages of design and development for security solutions for complex products and platforms, including solution design, analysis, coding, testing, and integration. 
• Design, develop, test, and maintain robust, scalable, and high-quality security and software solutions.
• Bring relevant subject matter expertise on application and systems security strategy, architecture and roadmaps, review application architectures, code and system services from a security perspective.
• Manages and expands relationships with internal and outsourced development partners on software systems design and development.
• Reviews and evaluates designs and project activities for compliance with secure systems design and development guidelines and standards; provides tangible feedback to improve product security and mitigate failure risk.
• Provides security domain-specific expertise and overall software systems leadership and perspective to cross-organization projects, programs, and activities.
• Direct and coordinate the implementation of test automation and other test tools (security)
• Develop and utilize security metrics to assess security performance trends.
• Drives innovation and integration of new technologies into projects and activities in the secure software systems design organization.
• Provides guidance and mentoring to less- experienced staff members.

Education and Experience Required:

• Bachelor's or Master's degree in Computer Science, Information Systems, or equivalent.
• Typically 6-10 years experience.

Knowledge and Skills:

• Extensive experience with multiple software systems design tools and languages.
• Excellent analytical and problem-solving skills.
• Experience in overall architecture of software systems for products, solutions and IT systems.
• Designing and integrating software systems running on multiple platform types into overall architecture.
• In-depth Cyber and IT security knowledge.
• Solid knowledge of security fundamentals and general security technologies, including: network security controls (firewalls, VPNs, IPSec, IDS/IPS), secure code, physical security, cryptography, authentication, identity management, network communication ports and protocols, etc.
• Solid knowledge of Artificial Intelligence (AI) tools for process validation and improvements.
• Experience in Penetration testing with tools.
• Experience with Web Application Security Testing (Tools: Burp, ZAP etc.).
• Experience with Vulnerability Assessment and Tools (nmap, Nexpose or Nessus, Fierce, Wireshark etc.)
• Experience with encryption methods and their applications, including Post Quantum Cryptography (PQC)
• Evaluating forms and processes for software systems testing and methodology, including writing and execution of test plans, debugging, and testing scripts and tools.
• Excellent written and verbal communication skills; mastery in English and local language. Ability to effectively communicate product architectures, design proposals and negotiate options at senior management levels.
• Agile Development: Participate in Agile methodologies, including sprint planning, daily stand-ups, and retrospectives.
• Understanding of OWASP Top 10 
• Security Certifications: preferred (CVP, CISSP, CEH, CompTIA Security+, OSCP.)

Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Security-First Mindset, Solutions Design, Testing & Automation, User Experience (UX)

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

#puertorico

Job:

Engineering

Job Level:

TCP_04

    

    

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

   

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

   

Recruitment Fraud Alert

We have become aware of an increase in fraudulent recruitment activities in which individuals impersonate our company or authorized recruitment agencies to offer fake employment opportunities. These scams may occur through false websites, emails, social media, or chat-based applications and often aim to obtain personal information or money. Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge a candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process. We also never request personal information such as back account details, Social Security numbers, or national IDs via social media or chat applications.

All legitimate job opportunities will come through official company channels, and candidates are responsible for verifying the credentials of any third party claiming to represent the company. Any reliance on fraudulent communication is at the individual’s own risk, and HPE disclaims legal liability for any resulting damages. If you suspect recruitment fraud, do not share personal information or make any payments and report the incident to your local authorities immediately.