Job Summary

• This role is responsible for leading the effort to ensure the security of software products by designing and implementing comprehensive security strategies, guidelines, and practices. The role is at the forefront of ensuring the security of software products. The role collaborates with development teams to implement security measures, conduct assessments, and design safeguards that protect applications from potential threats and vulnerabilities. The role showcases expertise and contributes to the creation of secure software solutions that instill confidence in users and stakeholders.

Responsibilities

• Oversees the organization of on-going security testing and code review to improve software security; updates security testing plans to ensure known vulnerabilities will not resurface.

• Uses a vast understanding of product security principles to design complex, new software solutions to help mitigate security vulnerabilities.

• Reviews and evaluates designs and project activities for compliance with security standards and guidelines; provides tangible feedback to improve product quality and mitigate risk.

• Leads internal teams in the adoption of SDL, specifically source code analysis, threat modeling, risk analysis, and writing product security requirements.

• Anticipates bottlenecks, provides escalation management, makes tradeoffs, and balances the business needs versus technical constraints.

• Defines and enforces security requirements and guidelines throughout the software development lifecycle to ensure that security is integrated from the beginning.

• Ensures software products adhere to relevant security regulations, industry standards, and compliance requirements.

• Utilizes a master level understanding of product security best practices to inform and drive secure coding practices across the organization.

• Communicates and coordinates with multiple teams on security and operational incidents.

• Serves as an expert level resource with regard to secure coding practices.

Education & Experience Recommended

• Four-year or Graduate Degree in Computer Science, Software Engineering, or any other related discipline or commensurate work experience or demonstrated competence.

• Typically has 10+ years of work experience, preferably in software security and automation, or a related field.

Preferred Certifications

• Certified Information Systems Security Professional

• Systems Security Certified Practitioner

Knowledge & Skills

• Agile Methodology

• Automation

• CI/CD

• Code Review

• Computer Science

• Continuous Integration

• Cyber Security

• DevOps

• Github

• Java (Programming Language)

• Object-Oriented Programming (OOP)

• Product Design

• Python (Programming Language)

• Secure Coding

• Security Software

• Software Development

• Software Engineering

• Systems Development Life Cycle

• Threat Modeling

• Vulnerability

Cross-Org Skills

• Effective Communication

• Results Orientation

• Learning Agility

• Digital Fluency

• Customer Centricity

Impact & Scope

• Impacts large functions and leads large, cross-division functional teams or projects.

Complexity

• Provides highly innovative solutions to complex problems within established policy.

Disclaimer

• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

Equal Opportunity Employer (EEO):

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).