Application Security Engineer

We are seeking an experienced Application Security Engineer with a strong background in application security and pen-testing to join our global team. In this role, you will ensure the resiliency and security of our software systems and digital experiences. You will work closely with the cross-functional teams to protect HP’s software, systems, and data. You will focus on automating and improving the security aspects of our code development and deployment practices and leading the application security triage and prioritization processes. 

You will:

• Work with developers to implement and maintain secure software development life cycle best practices to produce secure products, and services.
• Contribute to the security hardening efforts and produce sensible baseline configurations for all applications and systems
• Perform application security penetration testing, including managing the existing security tools in the CI/CD pipelines, reviewing proposed project architectures, initial threat modeling, triage of the identified application security defects and the suggested fixes 
• Implement and maintain DevOps security tools to perform SAST, DAST, SCA, SBOM and vulnerability management.
• Work closely with the infrastructure and the DevOps teams to ensure consistent implementation of the security standards, including the remediation of the identified gaps in the security posture 
• Perform security reviews to make sure the secure code development practices culture is maintained across the organization
• Contribute to the bug bounty triage and remediation processes 

You bring:

• Bachelor's degree in Computer Science, Information Technology, or a related technical field 
• 5+ years of proven experience in AppSec (web, API, mobile) or a related role 
• 3+ years of experience in cloud environments (AWS preferred) 
• Proficient in managing static and dynamic code analysis tools
• Familiar with the Infrastructure as Code and “desired state” concepts, including tools such as Terraform, Salt, Chef, Puppet etc. 
• Knowledge of common attack vectors, including OWASP Top 10 
• Experience automating build and deployment infrastructure built on Kubernetes, Docker etc. 
• Experience in Python programming or other shell scripting languages 
• Experience with CI/CD tools (e.g., Jenkins, CircleCI) and version control systems (e.g., GitHub) 
• Excellent problem-solving and communication skills 

Skills:

• OWASP top 10
• NIST
• OSCP/CEH/CISSP/eJPT/eWPT (Certifications)
• Bug Bounty
• Web Security
• API Security
• Burp Suite
• Threat modelling
• Kali Linux

Preferred Qualifications: 

• In-depth knowledge of containerization technologies (Docker), orchestration (Kubernetes) and infrastructure as code (Terraform). 
• Proficiency in deploying, monitoring, and scaling containerized applications on AWS using EKS, serverless, and ensuring high availability and performance. 
• Proficiency in application security assessments, penetration testing, red team, purple team.

#LI-POST