The successful candidate is passionate about security with very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities, seasoned in implementing best practices design and threat modeling and can work in a dynamic environment. You will perform penetration testing and provide recommendations to developers on mitigations for all our client based support solutions including HP Support Assistant (MS Windows/Mobile versions), our gateway for supportability web services and our virtual bot service. You will primarily interface with software developers, partners and HP Global Cyber Security in producing secure code in short time frames.
- Work as part of a team of software and security engineers to design/maintain and build best-in-class product security tools and services
- Work closely with DevOps to verify and respect best practices and security requirements
- Drive security audits for solutions portfolio and engage w/ respective team members to ensure compliance
- Technical point of contact for product teams as it relates to Product Application Security Operations
- Provide technical guidance and educate team members and coworkers on security practices in development and operations
Brainstorm for new ideas and ways to improvement security in our delivery
Document and design various processes; update existing processes related to security
- Analyzes vulnerabilities, attacks or threats to determine risk, adversary intent, and prioritize mitigation or response.
- Owns resolution of HP security issues related to security vulnerabilities, incidents and threats.
- Recommends containment, eradication, and recovery measures for any observed attack or breach. Combines industry expertise with a thorough understanding of information and security technology to direct development of vulnerability remediation or mitigation plans.
- Follow all best practices and procedures as established by company’s Global Cyber Security Team
- Build tools and automation scripts that enable developers to easily consume security services delivered by Global Cyber Security, Security
- Engineering and Automation team
- Well versed in web application design, penetration testing, application risk assessment and risk categorization
- Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developers world
- Success in implementing effective Secure SDLC frameworks across a large corporation.
- Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning
- Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
- Deep knowledge and experience in using SAST, DAST and fuzz testing tools
- Highly effective communicator; well-honed influencing and negotiating skills
- Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
Qualification & Experience:
- MS degree in Information System management / Computer Science / Information Security or a related technical discipline
- Technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ICS)2, CompTIA, Cisco, CERT etc.
Experience with VisualStudioOnline/VisualStudioTeamServices
Vacancy Type: Full Time
Job Functions: Other
Job Location: Visakhapatnam, Andhra Pradesh, IN
Application Deadline: N/A