Web Application Penetration Testing

This role has been designed as ‘’Onsite’ with an expectation that you will primarily work from an HPE office.

Job Description:

In the HPE Hybrid Cloud, we lead the innovation agenda and technology roadmap for all of HPE. This includes managing the design, development, and product portfolio of our next-generation cloud platform, Green Lake. Working with customers, we help them reimagine their information technology needs to deliver a simple, consumable solution that helps them drive their business results. Join us redefine what’s next for you.

What you’ll do:

• Conduct thorough security assessments of applications, identifying vulnerabilities and weaknesses in code, architecture, and configurations.
• Collaborate closely with development teams to integrate security best practices into the software development lifecycle (SDLC) and ensure secure coding standards are followed.
• Perform regular security testing, including static code analysis, dynamic application scanning, and penetration testing, to identify and mitigate security risks.
• Analyze security incidents and provide timely response and remediation actions to mitigate potential threats.
• Develop and maintain security documentation, including security requirements, design documents, and security testing reports.
• Assist in the design and implementation of security controls and mechanisms to protect sensitive data and critical systems.
• Stay up to date with emerging security threats and industry best practices and recommend security enhancements and controls accordingly.
• Provide security guidance and support to cross-functional teams, including developers, architects, and project managers.
• Participate in security reviews and audits, ensuring compliance with security policies, standards, and regulatory requirements.
• Collaborate with third-party vendors and partners to assess the security posture of integrated systems and applications.

What you need to bring:

• Bachelor's degree in computer science, Information Security, or a related field.
• 5+ years of experience in application security, including hands-on experience with security testing tools and techniques.
• Strong understanding of web application security concepts, including OWASP Top 10 vulnerabilities and secure coding practices.
• Experience with security testing tools such as Burp Suite, OWASP ZAP, and code analysis tools like SonarQube or Checkmarx, Snyk.
• Proficiency in at least one programming language (e.g., Java, Python, JavaScript) and ability to review and understand code.
• Familiarity with software development methodologies (e.g., Agile, DevOps) and their impact on security practices.
• Excellent analytical and problem-solving skills, with attention to detail.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Certifications such as CISSP, CEH, or CASE (Java), or equivalent.
• Demonstrated ability to work independently and prioritize tasks in a fast-paced environment.

Desired Skills:

• Experience with cloud security principles and practices, including secure configuration management and identity access management (IAM).
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and related security controls.
• Understanding of secure authentication mechanisms (e.g., OAuth, JWT) and encryption techniques.
• Participation in bug bounty programs, Capture the Flag (CTF) competitions, or open-source security projects.
• Experience with scripting languages (e.g., Bash, PowerShell) for automation of security tasks and processes.

Desired Skills and Qualifications:

• Bachelor’s degree in computer science, Information Technology, or related field.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Proven ability to work effectively in a fast-paced environment.
• Continuous learning mindset to stay updated with evolving security threats and technologies.

Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Release Management, Security-First Mindset, User Experience (UX)

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Diversity, Inclusion & Belonging

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

#india

#hpeocto

Job:

Engineering

Job Level:

TCP_02

Hewlett Packard Enterprise is EEO F/M/Protected Veteran/ Individual with Disabilities.

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.