Listing Description
In this role, we will look to you to bring your subject matter expertise to manage complex product security incidents from end to end. As part of HP Cybersecurity’s Product Security Response Team, you will use your security expertise to identify product security incidents, use your technical skills to reproduce the issue, use your communication skills to brief product teams, legal teams, and executives, test proposed remediations, and work with stakeholders and security researchers to coordinate public disclosures.
Responsibilities:
- Monitors intake funnels for security incidents.
- Uses security knowledge and hands-on experience to reproduce reported vulnerabilities and test proposed remediations.
- Uses excellent verbal and written communication skills to brief stakeholders.
- Uses tested leadership skills to ensure proper coordination between product, application, legal, and executive teams.
- Uses excellent case management skills to ensure each case progresses towards a resolution.
Experience Required:
- Solid understanding of MITRE CVE framework and CVSS scoring methodology.
- Experience triaging and scoring product security vulnerabilities.
- Technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ICS)2, CompTIA, Cisco, CERT etc.
- 5+ years of relevant experience.
Knowledge and Skills:
- Advanced Cyber and IT security knowledge.
- Advanced understanding of Cyber and IT security risks, threats, and prevention measures.
- Advanced understanding of relevant programming and scripting languages (Perl, Python, PowerShell, HTML, JavaScript, etc.).
- Experience with debuggers such as IDA Pro, OlyDBG is a plus, but not required.
- Advanced security system analysis skills.
- Advanced understanding of security standards and best practices.
- Advanced risk assessment and management skills.
- Advanced understanding of networking and network security.
- Advanced understanding of network monitoring and protocols.
Advanced understanding of one or more of the following:
- Off-the-shelf vulnerability assessment products and tools.
- Network security devices (firewalls, proxies, NIDS/NIPS, etc.).
- Platform and application-layer penetration testing techniques.
- Adversary techniques, tactics, and protocols and related countermeasures.
- Dynamic and static malware analysis techniques.
- Network security monitoring.
- Memory analysis techniques.
- Malware reverse engineering techniques.
- Digital Forensics.
Where legally permitted, an offer of employment is conditional upon you providing proof that you are fully vaccinated against COVID-19 (as defined by the CDC) as of your first day of employment.
HP is an equal opportunity employer: https://tbcdn.talentbrew.com/company/3544/v1_0/PDFs/HP%20Inc%20EEO%20Policy%20Statement%202017_Final_signed.pdf
#LI-Post
About HP
You’re out to reimagine and reinvent what’s possible—in your career as well as the world around you.
So are we. We love taking on tough challenges, disrupting the status quo, and creating what’s next. We’re in search of talented people who are inspired by big challenges, driven to learn and grow, and dedicated to making a meaningful difference.
HP is a technology company that operates in more than 170 countries around the world united in creating technology that makes life better for everyone, everywhere.
Our history: HP’s commitment to diversity, equity and inclusion – it's just who we are.
From the boardroom to factory floor, we create a culture where everyone is respected and where people can be themselves, while being a part of something bigger than themselves. We celebrate the notion that you can belong at HP and bring your authentic self to work each and every day. When you do that, you’re more innovative and that helps grow our bottom line. Come to HP and thrive!
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided