Sr. Principal Offensive Security Engineer - Special Ops at Hewlett Packard Enterprise

Bangalore, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

17 Mar, 26

Salary

0.0

Posted On

17 Dec, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Offensive Security, Web Penetration Testing, Cloud Penetration Testing, Source Code Security Review, Threat Modeling, SDLC Security, Python, Go, C/C++, AWS, Azure, GCP, Linux, Windows, API Security, Automation

Industry

Information Technology & Services

Description

Sr. Principal Offensive Security Engineer - Special Ops This role has been designed as ‘Hybrid’ with an expectation that you will work on average 2 days per week from an HPE office. Who We Are: Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE. Job Description: At HPE's Cyber Defense Center, we are committed to defending critical assets against ever-evolving cyber threats. As we enhance our capabilities, we're seeking a strategic leader who can harness their hands-on experience to help mature our First Response and Incident Command Team. This role calls for someone who can drive operational effectiveness under stress in a fast-paced and cyber environment. Are you ready to make an impact at one of the world’s leading tech companies? HPE’s Cybersecurity team is where you can do just that! We’re looking for a dynamic and experienced offensive security expert to join our Offensive Security Special Ops team. If you’re passionate about shaping the future of cybersecurity by applying offensive security skills to make defense better, join us! This role provides advanced offensive cybersecurity expertise, focusing on the planning and execution of complex Web and Cloud penetration testing engagements. You will own the technical planning and delivery of penetration testing engagements — from scoping and test plans through exploitation, PoC development, remediation verification, and formal reporting. You will apply a deep technical skills and offensive security experience to identify and exploit vulnerabilities in enterprise and cloud environments, helping to strengthen defenses through hands-on testing and analysis. This position involves driving high-impact testing projects, developing new testing methodologies and tools, and contributing to the organization’s overall security posture by uncovering and demonstrating real-world attack paths. You have deep expertise in identifying and exploiting vulnerabilities across web, applications, and cloud environments. Your offensive skill set spans modern web frameworks, authentication mechanisms, and API ecosystems, as well as cloud-native architectures in AWS, Azure, and GCP. You are experienced in performing comprehensive security reviews of source code and conducting threat modeling to identify design-level weaknesses early in the SDLC. You stay current with evolving attacker TTPs and apply that knowledge to perform realistic and high-impact penetration tests that strengthen HPE’s defenses and improve the security of our products and platforms. Candidates should demonstrate deep expertise in at least four domains (Web Penetration Testing and three more) plus practical experience in the remaining domains. For the Senior Principal level, we expect both strong depth in multiple domains and the ability to lead technically across multiple domains: Web Penetration Testing Application Penetration Testing Cloud Penetration Testing (AWS, Azure, and GCP) Source Code Security Review Threat Modeling and SDLC Testing AI&ML Systems What you’ll do: Web and Application Penetration Testing: Performing advanced assessments of web applications, APIs, and authentication mechanisms to identify and exploit vulnerabilities across modern frameworks and architectures. Delivering actionable findings that directly inform defensive improvements. Cloud Penetration Testing: Conducting offensive security assessments in AWS, Azure, and GCP environments. Testing identity, networking, storage, and serverless components to uncover misconfigurations and privilege escalation opportunities in multi-cloud deployments. Source Code Security Review: Reviewing application and infrastructure-as-code repositories to identify insecure coding patterns, injection points, and logic flaws. Collaborating with development teams to remediate vulnerabilities early in the SDLC. Threat Modeling and SDLC Security: Partnering with engineering and product teams to identify potential attack vectors at the design phase. Performing structured threat modeling to ensure security is embedded throughout the software development lifecycle. What you need to bring: Ability to take ownership of the technical planning and delivery of penetration testing engagements — from scoping and test plans through exploitation, PoC development, remediation verification, and formal reporting. Proven offensive web/app expertise: Demonstrated experience performing advanced web and API penetration tests, exploiting authentication/authorization flaws, business-logic issues, injection classes, and modern frameworks. Cloud exploitation: Hands-on experience testing and exploiting workloads and configurations in AWS, Azure, and GCP (identity, networking, storage, serverless, IaC). Server & client platform familiarity: Strong experience with common server and client platforms that host or interact with web apps—Linux and Windows primary; macOS experience is a plus. Programming & automation: Strong scripting and tooling skills using Python, Go, or C/C++ (or equivalent) to automate testing, build proofs-of-concept, and develop internal pentest tools. Infrastructure & evasion: Experience deploying offensive infrastructure for engagements and evading/demonstrating bypasses of network and host-based controls (WAF, IDS/IPS, EDR). Source code review & SDLC: Experience performing secure code reviews and integrating findings into the SDLC through threat modeling, developer collaboration, and security-by-design recommendations. Experience level & education: Master’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience. Minimum 9+ years in cybersecurity with substantial focus on offensive security and web/cloud testing. Research & innovation: Documented history of meaningful technical research, responsible disclosure, tooling contributions, or industry-visible findings (e.g., novel vulnerabilities, exploit techniques, or defensive improvements). Nice-to-have: Ability to assess ML/AI components integrated into web and cloud products — including model endpoints, inference APIs, training pipelines, and MLOps — to identify risks from prompt injection, model poisoning, data leakage, and adversarial examples Ability to design and automate adversarial tests and prompt-fuzzers to evaluate AI model robustness, and deliver mitigation guidance to product and detection teams Credited CVE’s, participation in bug bounty programs, security blogging, publicly available quality code or tools. Preferred Certifications/Experience Certifications such as OSCP / OSCE, GPEN, GWAPT, CRTP, OSWE, or equivalents. Experience with CI/CD and developer pipelines security (GitHub/GitLab runners, build agents, IaC scanning). Familiarity with threat emulation frameworks and MITRE ATT&CK, OWASP TOP 10, OWASP ASVS, OWASP WSTG, STRIDE, and mappings for web/cloud scenarios. Experience authoring pentest playbooks, reusable test modules, or internal offensive tooling. Deliverables & Success Metrics: Key deliverables include detailed test plans, high-fidelity technical reports with PoCs, remediation verification summaries, reusable playbooks/test modules, and tooling contributions. Success will be measured by the quality of findings, remediation impact, reduction in repeat issues, and improvements to detection/response coverage. Additional Skills: Accountability, Accountability, Action Planning, Active Learning, Active Listening, Agile Methodology, Bias, Business, Coaching, Creativity, Critical Thinking, Cybersecurity, Data Analysis Management, Data Collection Management (Inactive), Data Controls, Design Thinking, Development Methodologies, Empathy, Follow-Through, Growth Mindset, Implementation Methodologies, Infrastructure Design, Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity {+ 4 more} What We Can Offer You: Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing. Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division. Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. Let's Stay Connected: Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE. #india #cybersecurity Job: Information Technology Job Level: TCP_06 HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity. Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories. No Fees Notice & Recruitment Fraud Disclaimer It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates. These scammers often seek to obtain personal information or money from candidates. Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process. The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication. Hewlett Packard Enterprise Technology innovation that fosters business transformation. We Are In the Acceleration Business We help customers use technology to slash the time it takes to turn ideas into value. In turn, they transform industries, markets and lives. Some of our customers run traditional IT environments. Most are transitioning to a secure, cloud-enabled, mobile-friendly infrastructure. Many rely on a combination of both. Wherever they are in that journey, we provide the technology and solutions to help them succeed. COVID Policy The health and safety of our team members, customers and partners is paramount at HPE. Accordingly, if applicable to the role you applied to, you must be fully vaccinated against COVID-19 by the employment start date where permitted by law. Exemptions based on medical, religious or other grounds will be processed and approved in accordance with local laws. Standards of Business Conduct (SBC) The Hewlett Packard Enterprise Standards of Business Conduct (SBC) embody the fundamental principles that govern our ethical and legal obligations to Hewlett Packard Enterprise. They pertain not only to our conduct within the company but also to conduct involving our customers, channel partners, suppliers and competitors. Read more about how we win the right way. Equal Opportunity Employer (EEO) Hewlett Packard Enterprise provides equal employment opportunity to any employee or applicant without regard to sex, gender, color, race, ethnicity, religion, creed, national origin, ancestry, citizenship, age, marital status, sexual orientation, gender identity and expression, physical or mental disability, medical condition, pregnancy, protected veteran status, uniformed service status, familial status, genetic information, political affiliation, or any other characteristic protected by federal, state, or local law. Please click here: Equal Employment Opportunity. If you’d like more information about your EEO right as an applicant under the law, please click here: Equal Employment Opportunity is the Law Equal Employment Opportunity is the Law - Supplement E-Verify (US & PR only) HPE is an E-Verify employer. E-Verify is an Internet-based system that compares information from an employee's Form I-9, Employment Eligibility Verification, to data from U.S. Department of Homeland Security and Social Security Administration records to confirm the employment eligibility of all newly hired employees. For more information click here. You can also download the posters with information on legal rights and protection by clicking here and here. Accessibility Hewlett Packard Enterprise is committed to working with and providing reasonable accommodation to qualified, differently abled individuals. If you need assistance in filling out the employment application or require a reasonable accommodation while seeking employment, please email recruiting@hpe.com. Note: This option is reserved for applicants needing assistance/reasonable accommodation related to a disability. Disclosure of Sensitive Personal Data Please ensure the resume you submit to us does not include any sensitive personal data. Sensitive personal data includes data revealing information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation. To the extent the resume you submit does contain this type of personal data, you consent to the storing and processing of this data by HPE for the purpose of reviewing and managing your application.

Responsibilities

The role involves advanced offensive cybersecurity expertise, focusing on planning and executing complex Web and Cloud penetration testing engagements. You will own the technical planning and delivery of penetration testing engagements, from scoping and test plans through exploitation and formal reporting.