Hewlett Packard Enterprise

Senior Application Security Engineer

Hewlett Packard Enterprise

full-time

Posted on:

Location Type: Hybrid

Location: SpringNorth CarolinaTexasUnited States

Visit company website

Explore more

AI Apply
Apply

Salary

💰 $106,000 - $243,000 per year

Job Level

Senior

Tech Stack

AWSAzureCloudGoGoogle Cloud PlatformJavaJavaScriptJenkinsNode.jsPythonSDLC

About the role

  • Integrate security practices throughout the SDLC in partnership with engineering and DevOps teams.
  • Promote secure coding standards, tooling, and automation.
  • Design, implement, and maintain security controls within CI/CD platforms (GitHub Actions, Jenkins, GitLab, Azure DevOps, etc.).
  • Ensure software integrity through code signing, artifact validation, and provenance.
  • Automate SAST, DAST, SCA, and container image scanning in the build and release pipelines.
  • Automated AI specific vulnerability scanning into CI/CD to catch insecure LLM orchestration patters.
  • Identify and remediate misconfigurations and access control gaps in pipeline environments.
  • Design, deploy, and tune WAF rules and API security protections.
  • Conduct API risk assessments and promote secure API design patterns.
  • Perform secure code reviews and support automated security testing coverage across pipelines.
  • Triage, prioritize, and track vulnerabilities across source code, CI/CD pipelines, and deployed services.
  • Facilitate threat modeling for applications, APIs, and delivery pipelines.
  • Perform threat modeling on RAG architecture and autonomous agents.
  • Expand security automation around API discovery, dependency scanning, SBOM generation, and secrets detection.
  • Mentor engineering teams on secure coding and secure pipeline practices.
  • Support the Security Champions program.
  • Act as a trusted advisor to product, platform engineering, and DevOps teams, translating technical risks into business impact.
  • Partner with SOC/IR teams during software supply chain or pipeline-related security incidents.
  • Assess and guide the secure adoption of AI capabilities within enterprise applications—focusing on data security, access controls, model input/output handling, and preventing misuse within internal systems.
  • Leverage AI‑powered security tools to identify anomalies, code risks, and pipeline misconfigurations within internal applications and CI/CD systems.

Requirements

  • 5–8+ years in Application Security, Product Security, or Secure Software Development
  • Hands-on experience securing CI/CD pipelines and source repositories (GitHub, GitLab, Jenkins, etc.)
  • Knowledge of supply chain security frameworks (SLSA, NIST SSDF)
  • Experience with secrets management, artifact signing (Sigstore, Cosign), and build integrity
  • Strong background in WAF tuning, API security, and vulnerability remediation
  • Proficiency in at least one programming language (Python, Java, Go, JavaScript/Node.js)
  • Experience with SAST, DAST, SCA, and container scanning tools
  • Cloud security experience (AWS, Azure, or GCP)
  • Strong understanding of OWASP Top 10 (Web & API), CWE, and secure coding practices
  • Familiarity with OWASP Top 10 for LLM Application and MITRE ATLAS
Benefits
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Application SecuritySecure Software DevelopmentCI/CD securityWAF tuningAPI securityvulnerability remediationprogramming languagesSASTDASTsecrets management
Soft Skills
mentoringcommunicationcollaborationproblem-solvingrisk assessment