Job Summary

• This role is responsible for secure architecture review of software solutions developed in the organization to ensure applications meet the necessary security requirements. The role is responsible for overall security objectives of the organization but mainly focusing on security architecture review of applications, creating final reports, follow standard operating procedures, educate developers on security issues with the help of frameworks and tools. The role works closely with cross-functional teams to understand requirements, provide technical insights, and ensure the successful security assessment of projects.

Responsibilities

• Does Security review of portions of web application or entire application, API, thick client applications according to standard methodologies with appropriate tools while maintaining the delivery timelines.

• Creates feature specific review checklist if required based on the business logic of the feature and review them against security requirements.

• Identifies opportunities for improvements in processes used by security team and development teams for security evaluation purposes.

• Keeps up to date with latest security issues and apply them in the current methodology wherever applicable.

• Participates as a part of the team to deliver on high quality security related initiatives for the organization and team.

• Collaborates and communicates with stakeholders regarding security issues, their status, project progress, and issue resolution.

• Understanding of global security and regulatory compliances at application level e.g. GDPR like Data privacy laws.

• Engages and promote security culture and security team to expand the portfolio.

• Builds strong working relationships and quickly establishes credibility across an organization.

Education & Experience Recommended

• Four-year or Graduate Degree in Computer Science, Information Systems, or any other related discipline or commensurate work experience or demonstrated competence.

• Typically has 10+ years of work experience in IT security. Experience in cloud application development would be a plus.

Preferred Certifications

• CISM/CISSP or equivalent (Not required but good to have)

Knowledge & Skills

• Threat Modeling of Cloud Applications.

• STRIDE/DREAD/P.A.S.T.A etc. threat modeling methodology.

• Security assessment

• Security design and Implementation in Cloud Services

• SSDLC in Modern App Development

• Agile Development process

• Amazon Web Services

• CI/CD Pipeline understanding.

• Risks, vulnerabilities and related remediation's

• Cryptography

• Authentication

• Authorization

• Microsoft Threat Modeling tool

• Compliance Requirements

• Data Privacy Laws

• SonarQube or Veracode or equivalent tool

• Microservices

• Java/Golang (Programming Language)

Cross-Org Skills

• Effective Communication

• Proactive

• Leadership

• Collaborative

• Team player

Impact & Scope

• Impacts immediate team and acts as an informed team member by providing analysis based on available information.

Complexity

• Responds to routine and ad-hoc requirements within established guidelines.

Disclaimer

• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

Equal Opportunity Employer (EEO):

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).