Skip Navigation

Search jobs

Saved jobs

Security Architect - Offensive Security / SSDL

Overview

HP Engineering entails utilizing established engineering disciplines to test and safeguard the manufacturing standards for new and existing HP products. Working with internal stakeholders and outsourced development partners, you will develop and execute solutions to resolve any existing issues, ensuring that our operating processes are cost-effective and uphold the highest quality.

Success profile

What makes a successful Engineer at HP? Check out the top traits we’re looking for and see if you have the right mix.

  • Communicator9
  • Deadline-oriented10
  • Entrepreneurial6
  • Open-minded9
  • Problem-solver7
  • Team Player10
10

Rewards

  • Medical

  • Holidays

  • Flex Time

  • Life and Disability
    Insurance

  • Work/Life Balance

  • Onsite Gym/
    Fitness Center

A team of engineering employees in front of a whiteboard A woman engineer in a laboratory
  • “Our passion is to innovate in addressing daily engineering challenges.”

  • “At HP, innovative people collaborate together to create experiences and products that make the world a better place.”

  • “I joined HP not long ago, right after my undergrad studies; the amount of autonomy that my manager has given me was beyond my expectation. My seniors value my opinion and they trust me as a part of the team.”

  • “I love working at HP because it allows me to give back to the community and participate in volunteering events that I care about.”

Responsibilities

Job ID 3031187 Primary Location Houston, Texas, United States of America Date posted 06/14/2018

Senior Security Architect – focusing on Offensive Security / Bounty Program / SSDL

Description

HP’s world class platform team producing “World’s Most Secure and Manageable PCs” is looking for a proactive, diligent team player from a security architecture and product development background with the ability to work seamlessly across multiple teams and functions in HP, interfacing with senior system architects, technologists and engineers who possess a diverse set of skills ranging from academic research through to product development. They will have an interest in cyber security and system security trends, and be able to identify the applications of these for securing the diverse set of PC Platform capabilities, such as hardware, firmware, software for security, manageability, cloud based services and applications, etc.  Join us to help improve the security and privacy of millions of HP customers all over the world.  In this highly visible and challenging position, you will oversee – and continually enhance – all facets of the software security assurance process used by the HP Business PC organization.  More specifically, you will help create and oversee a wide ranging Bounty Program focused on improving the quality of broad ranging HP products (Hardware, Software, and Firmware).  You will also help lead a penetration test process and team to aggressively detect security vulnerabilities in HP systems before and after release to market for delivering on our commitment to improve security quality of our products and to help us continue to develop and deliver “World’s Most Secure and Manageable PCs”.

Responsibilities

  • Manage, improve, and expand the secure software design and development processes for all HP Business PC products.
  • Help review and evaluate designs and project activities to ensure secure development best practices.
  • Oversee HP’s bounty program (details provided in person)
  • Help create and oversee a team for advance penetration testing of HP Systems (HW, FW, and Software) across projects serving cloud (Web services and applications), PC and non-PC hardware (e,g., Mobile, IoT, accessories, etc.), and Software and firmware
  • Help other architects in development of security training material (course curriculum, videos, white papers, etc.) that are targeted and focused on penetration testing techniques
  • Provide training for internal HP engineering teams across various HP business units for teaching Pen Test techniques with focus on helping them provide more secure software.
  • Provide guidance and mentoring to early career experienced staff members.
  • Develop in-house tools to aid in testing application security effectiveness.
  • Help team to design a workflow for handling security assessments.
  • Must be able to assess application security threats and provide mitigations.
  • Help lead and perform Security Design and Code reviews for software and firmware for a wide variety of internal and external components – project domains cloud, mobile, PC, PC BIOS, Device Firmware, etc.

Education and Experience

  • Bachelor's degree in Computer Science, Information Systems, or equivalent is desired.  All applicants with applicable experience will be considered.
  • 6+ years writing software in C/C++, C#, or Java (experience in cloud development languages a plus)
  • Knowledge of a scripting language preferably Python or PowerShell.
  • Deep experience with Penetration Testing techniques and tools
  • Excellent written and verbal communication skills.
  • Must feel comfortable in large or small public speaking situations (needed for training and customer interactions)
  • Should have the ability to transfer complicated technical information to non-technical personnel
  • Understanding of CVSS v2 and v3, vulnerabilities, exploits, payloads and evasions
  • Knowledge in reverse engineering and debugging application binaries with IDA Pro
  • Familiarity with tools such as Metasploit, Nessus, Nmap, Tcpdump, Wireshark and Burp Suite

#LI-POST

About this location

Check out where you could be working before you apply.

View map

Sign up for updates

Areas of interestSearch for a category, location, or category/location pair, select a term from the suggestions and click “Add”.