Full Job Description
HP is looking to add Security Engineers to conduct security research as well as operate Penetration Tests that dive deep into the technology stack. As a member of the team, you will work on some of the most challenging technical problems, develop new security solutions that will impact future HP products, and collaborate with the best product teams to integrate your ideas into products. You will research and develop innovative security strategies for challenging problems that will affect future HP products and be able to test your solutions against advanced resources. You will collaborate with broader teams across HP to transfer security solutions. You will have opportunities to provide technical mentorship and guidance, prepare technical reports for publication and conference talks. You are self-motivated, excellent problem solver, and a fast learner. You are quick to forge relationships and comfortable with change and ambiguity. You have strong programming and software testing skills…
As member of the Red Team performing Pen testing, you will work with a team to perform Black Box testing (no source), Gray and White Box Testing (where some or all source code is available). Products targeted for Pen testing may have some combination of User Mode, Kernel Mode, and Cloud Components as part of the solutions. As a pen tester, you will also be required to write proof of concept code to demonstrate vulnerabilities as well as to provide suggest means to solve the issues… You will also work with members of defensive team to incorporate your knowledge about vulnerabilities and techniques malware uses to defeat solutions in order to help teams design and write secure solutions and code to prevent vulnerabilities in HP solutions.
- Develop, and lead execution of security penetration test strategies and plans.
- Analyze Threat Models.
- Collaborate with development teams to design security controls and mitigations.
- Be an advocate of improving security and privacy across the stack.
- Contribute to technical requirements and architecture design documents.
- Creation of sample / POC exploit code to prove the existence of vulnerabilities, and extent of potential damage that can caused. Also, collaborate with the Blue Team members and developers to create strategy and solutions to fix / patch the vulnerabilities.
Note: This job summary and listing of duties is for the purpose of describing the position and its essential functions at time of hire and may change over time.
- B.S. degree in Computer Science, Information Security, or related areas
- Experience with security architecture, threat modelling, and leading security culture
- Windows Kernel knowledge is highly preferred. Application / cloud penetration experience is also required.
- Windows internals knowledge and OS security (e.g. ACLs, ACEs) or Linux security knowledge
- Understanding of Cryptography fundamentals and PKI
- Good presentation and writing skills
- Strong Communication Skills
- Passionate about building extraordinary products
- Excellent programming skills in C#, Python, C/C++
- Knowledge in conducting code reviews (C#, C++)
- Experience with dynamic and static analysis tools
- Experience fuzzing I/O targets (e.g. named pipes, RPC, IPC, network based, etc)
- Knowledge of common penetration testing frameworks and tools (eg. Metasploit, Kali etc.)
- Expected to perform well in a fast-paced environment, to execute on the tasks assigned, to meet the production deadlines and, at the same time, to explore independently new innovative ideas that can improve and transform the product experience of HP customers
- System level development experience (e.g. kernel drivers)
- Knowledge of security across the technology stack (from hardware, firmware, to OS)
- Reading and writing x86 assembly
- Reverse engineering knowledge (e.g. using Ida pro/Windbg)
- Address Spring, TX, USA
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 0-5
- Academic Degree Bachelors