Web Application Penetration Testing

Web Application Penetration Testing

  

This role has been designed as ââOnsiteâ with an expectation that you will primarily work from an HPE office.

Who We Are:

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in todayâs complex world. Our culture thrives on finding new and better ways to accelerate whatâs next. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.

Job Description:

   

In the HPE Hybrid Cloud, we lead the innovation agenda and technology roadmap for all of HPE. This includes managing the design, development, and product portfolio of our next-generation cloud platform, Green Lake. Working with customers, we help them reimagine their information technology needs to deliver a simple, consumable solution that helps them drive their business results. Join us redefine whatâs next for you.

What youâll do:

• Conduct thorough security assessments of applications, identifying vulnerabilities and weaknesses in code, architecture, and configurations.
• Collaborate closely with development teams to integrate security best practices into the software development lifecycle (SDLC) and ensure secure coding standards are followed.
• Perform regular security testing, including static code analysis, dynamic application scanning, and penetration testing, to identify and mitigate security risks.
• Analyze security incidents and provide timely response and remediation actions to mitigate potential threats.
• Develop and maintain security documentation, including security requirements, design documents, and security testing reports.
• Assist in the design and implementation of security controls and mechanisms to protect sensitive data and critical systems.
• Stay up to date with emerging security threats and industry best practices and recommend security enhancements and controls accordingly.
• Provide security guidance and support to cross-functional teams, including developers, architects, and project managers.
• Participate in security reviews and audits, ensuring compliance with security policies, standards, and regulatory requirements.
• Collaborate with third-party vendors and partners to assess the security posture of integrated systems and applications.

What you need to bring:

• Bachelor's degree in computer science, Information Security, or a related field.
• 5+ years of experience in application security, including hands-on experience with security testing tools and techniques.
• Strong understanding of web application security concepts, including OWASP Top 10 vulnerabilities and secure coding practices.
• Experience with security testing tools such as Burp Suite, OWASP ZAP, and code analysis tools like SonarQube or Checkmarx, Snyk.
• Proficiency in at least one programming language (e.g., Java, Python, JavaScript) and ability to review and understand code.
• Familiarity with software development methodologies (e.g., Agile, DevOps) and their impact on security practices.
• Excellent analytical and problem-solving skills, with attention to detail.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Certifications such as CISSP, CEH, or CASE (Java), or equivalent.
• Demonstrated ability to work independently and prioritize tasks in a fast-paced environment.

Desired Skills:

• Experience with cloud security principles and practices, including secure configuration management and identity access management (IAM).
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and related security controls.
• Understanding of secure authentication mechanisms (e.g., OAuth, JWT) and encryption techniques.
• Participation in bug bounty programs, Capture the Flag (CTF) competitions, or open-source security projects.
• Experience with scripting languages (e.g., Bash, PowerShell) for automation of security tasks and processes.

Desired Skills and Qualifications:

• Bachelorâs degree in computer science, Information Technology, or related field.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Proven ability to work effectively in a fast-paced environment.
• Continuous learning mindset to stay updated with evolving security threats and technologies.

Additional Skills:

Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Release Management, Security-First Mindset, User Experience (UX)

What We Can Offer You:

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have â whether you want to become a knowledge expert in your field or apply your skills to another division.

Diversity, Inclusion & Belonging

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Let's Stay Connected:

Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.

#india#hpeocto

Job:

Engineering

Job Level:

Intermediate

    

HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT and Affirmative Action employer. We are committed to diversity and building a team that represents a variety of backgrounds, perspectives, and skills. We do not discriminate and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global diverse team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity.

Hewlett Packard Enterprise is EEO F/M/Protected Veteran/ Individual with Disabilities.

   

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

---