CrawlJobs Logo
Hewlett Packard Enterprise Logo Hewlett Packard Enterprise · IT - Software Development

Product Security Engineer- Threat Researcher

Puerto Rico, Aguadilla · Job Posted July 09, 2025
Apply Position
Job Link Share

Job Description

The Senior Security Engineer/Threat Researcher position will be part of Aruba Threat Labs, an internal product security group focused on researching and improving the security of HPE Aruba Networking’s products, the company’s secure development practices, and the company’s vulnerability disclosure processes. Based in the Office of the CTO, the Senior Security Engineer/Threat Researcher will have responsibility across Aruba’s entire product portfolio, including LAN switching, Wi-Fi, Network Access Control, cloud, and security monitoring solutions.

Job Responsibility

  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers

Requirements

  • B.S. or M.S. in software engineering, computer science, cybersecurity or a related field (or equivalent experience)
  • 6+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders. English advanced

Nice to have

  • Experience with fuzzing frameworks (e.g., AFL, libFuzzer) and advanced static analysis tools
  • Knowledge of reverse engineering firmware, embedded systems, or IoT devices
  • Familiarity with secure development lifecycles (SDLC) and DevSecOps practices
  • Knowledge of modern cloud architectures and security concerns in cloud-native applications
  • Experience contributing to or managing open-source security projects
  • Certifications such as OSCP, OSWE, or GREM are a plus, but not required

What we offer

  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
Hewlett Packard Enterprise - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Product Security Engineer- Threat Researcher

8 matching positions

Product Security Engineer

The Senior Security Engineer/Threat Researcher position will be part of Aruba Th...
Location
Location
United States , Remote
Salary
Salary:
101900.00 - 234500.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.S. or M.S. in software engineering, computer science, cybersecurity, or a related field (or equivalent experience)
  • 7+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF, and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders
Job Responsibility
Job Responsibility
  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers.
What we offer
What we offer
  • Comprehensive suite of benefits that supports physical, financial, and emotional wellbeing
  • Specific programs catered to helping employees reach career goals
  • Inclusive working environment.
  • Fulltime
Read More
Arrow Right

Product Security Engineer

The Senior Security Engineer/Threat Researcher position will be part of Aruba Th...
Location
Location
Puerto Rico , Aguadilla
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.S. or M.S. in software engineering, computer science, cybersecurity or a related field (or equivalent experience)
  • 6+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders. English advanced
Job Responsibility
Job Responsibility
  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Product Security Engineer

Join Airtable as a Product Security Engineer and play a pivotal role in shaping ...
Location
Location
United States , San Francisco; Seattle; New York City; Los Angeles
Salary
Salary:
170000.00 - 277000.00 USD / Year
airtable.com Logo
Airtable
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years experience in product security and application security
  • Experience shipping production code
  • Skilled at conducting in-depth security reviews and collaborating with engineering teams
  • Proficient in writing clean, maintainable code
  • Hands-on experience with AI product security for LLM-powered products
  • Strong communicator and collaborator, able to drive security initiatives
  • Comfortable making systems as well as breaking them
  • Familiar with JavaScript or TypeScript, Node, Linux, and AWS or comparable technologies
  • Comfortable working in a fast-paced environment and contributing to long-term security strategy
Job Responsibility
Job Responsibility
  • Partner with product teams to review product plans, designs, and code for security considerations
  • Lead and implement programs that raise the bar for application and product security
  • Build and ship frameworks that make it easy for product engineers to ship secure code
  • Triage and drive remediation for findings from external penetration testers
  • Research emerging threats and evolving best practices, especially in AI and LLM safety
  • Work with advisors and third party vendors on penetration tests, security reports and compliance projects
  • Contribute to roadmaps, metrics and strategic planning for the product security team
What we offer
What we offer
  • Benefits
  • Restricted stock units
  • Incentive compensation
  • Fulltime
Read More
Arrow Right

Senior Product Security Engineer

Ready to make an impact on the security of products from the ground up? Join our...
Location
Location
United States , Austin
Salary
Salary:
Not provided
take2games.com Logo
Take-Two Interactive Software, Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Technology, or a similar field, or equivalent experience
  • At least 5 years of demonstrated experience in application security, ideally within the gaming or technology sectors
  • Validated expertise in pentesting, security architecture, risk management, and securing CI/CD pipelines to ensure seamless and secure software delivery
  • Extensive knowledge of common and complex security vulnerabilities, along with effective mitigation techniques
  • Ability to translate design documents into security-focused guidelines and requirements for product development
  • Adapt quickly to new technologies, languages, and solve challenges outside your expertise
  • Travel: No routine travel required
  • occasional travel as needed.
Job Responsibility
Job Responsibility
  • Develop threat models for a variety of applications and games to prioritize scope and use cases for security testing
  • Execute hands-on penetration tests and red team exercises to identify vulnerabilities in applications, infrastructure, and services
  • Conduct manual and automated secure code reviews in languages such as C#, Java, Python, and JavaScript, providing clear, actionable guidance to developers on vulnerability remediation
  • Triage, validate, and manage vulnerability reports from our bug bounty program, working with external researchers and internal teams on resolution
  • Develop and implement security automation tools to improve the efficiency and effectiveness of security processes
  • Provide security architecture and design guidance to development teams, ensuring secure coding practices are followed
  • Partner with teams to define and execute security strategy, driving security priorities across the organization
  • Stay ahead of emerging security threats, seeking and advocating for new technologies to address complex risks.
What we offer
What we offer
  • Medical (HSA & FSA), dental, vision, 401(k) with company match, employee stock purchase plan, commuter benefits, in-house wellness program, broad learning & development opportunities, a charitable giving platform with company match
  • Fitness allowance, employee discount programs, discounted games & events and stocked pantries.
  • Fulltime
Read More
Arrow Right

Senior Product Security Engineer

Join our Product Security team, where you'll partner with development and game t...
Location
Location
United States , Las Vegas
Salary
Salary:
Not provided
take2games.com Logo
Take-Two Interactive Software, Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Technology, or a similar field, or equivalent experience
  • At least 5 years of demonstrated experience in application security, ideally within the gaming or technology sectors
  • Validated expertise in pentesting, security architecture, risk management, and securing CI/CD pipelines
  • Extensive knowledge of common and complex security vulnerabilities, along with effective mitigation techniques
  • Ability to translate design documents into security-focused guidelines and requirements for product development
  • Adapt quickly to new technologies, languages, and solve challenges outside your expertise
Job Responsibility
Job Responsibility
  • Develop threat models for a variety of applications and games to prioritize scope and use cases for security testing
  • Execute hands-on penetration tests and red team exercises to identify vulnerabilities in applications, infrastructure, and services
  • Conduct manual and automated secure code reviews in languages such as C#, Java, Python, and JavaScript, providing clear, actionable guidance to developers on vulnerability remediation
  • Triage, validate, and manage vulnerability reports from our bug bounty program, working with external researchers and internal teams on resolution
  • Develop and implement security automation tools to improve the efficiency and effectiveness of security processes
  • Provide security architecture and design guidance to development teams, ensuring secure coding practices are followed
  • Partner with teams to define and execute security strategy, driving security priorities across the organization
  • Stay ahead of emerging security threats, seeking and advocating for new technologies to address complex risks
What we offer
What we offer
  • Medical (HSA & FSA)
  • dental
  • vision
  • 401(k) with company match
  • employee stock purchase plan
  • commuter benefits
  • in-house wellness program
  • broad learning & development opportunities
  • a charitable giving platform with company match
  • Fitness allowance
  • Fulltime
Read More
Arrow Right

Senior AI Security Engineer

Senior AI Security Engineer role in Citi's Application, Platform and Engineering...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Production system builder with security focus - proven track record of architecting and building secure, large-scale production applications and business-facing platforms from the ground up
  • Ethical hacking and penetration testing expertise - hands-on experience finding and exploiting vulnerabilities, conducting red team exercises
  • State-of-the-art security engineering with Go, Python, JavaScript
  • HashiCorp Vault mastery - deep experience writing custom plugins, creating secrets engines, implementing dynamic credentials
  • Enterprise authentication & authorization - designing and implementing OAuth, JWT, RBAC, and complex identity systems
  • API security and threat modelling - securing REST/GraphQL APIs, conducting threat assessments
  • AI/ML security and vulnerability research - understanding of LLM vulnerabilities, model security, prompt injection attacks
  • Security automation and tooling – automating manual security processes
  • Cloud-native security - securing containerized applications in Kubernetes, service mesh security
  • Incident response and forensics - experience investigating, analyzing, and responding to security incidents
Job Responsibility
Job Responsibility
  • Build secure AI products from 0-1 - Engineer production-grade, business-facing AI platforms with security built-in from day one
  • Conduct ethical hacking and red team activities - penetration testing, vulnerability research, and attack simulation
  • Design and build security tools and frameworks - Create automated security solutions that scale across fast-paced development cycles
  • Secure novel AI attack surfaces - Identify and mitigate LLM-specific vulnerabilities, prompt injection attacks, and AI model security risks
  • Lead 'shift left' security - Embed security practices throughout rapid development lifecycle while maintaining velocity
  • Mentor security practices - Guide other engineers on secure coding, vulnerability remediation, and security-first thinking
What we offer
What we offer
  • 27 days annual leave (plus bank holidays)
  • Discretional annual performance related bonus
  • Private Medical Care & Life Insurance
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Hybrid working model (up to 2 days working at home per week)
  • Competitive base salary (annually reviewed)
  • Fulltime
Read More
Arrow Right

Security Engineering Lead

Citi's Application, Platform and Engineering team is looking for a Security Engi...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bring your deep-dive application security engineering expertise from building production systems
  • thrive in a results-driven environment, where flexibility fuels impact
  • be a game-changer, ready to step beyond your designated role
  • love the synergy of pair programming
  • seize the opportunity to secure AI applications at scale
  • have a relentless passion to learn more about AI security, LLM attacks, and bringing your knowledge to shape Citi's secure AI future
  • proven track record of architecting and building secure, large-scale production applications and business-facing platforms from the ground up
  • hands-on experience finding and exploiting vulnerabilities, conducting red team exercises, and thinking like an attacker to strengthen defenses
  • experience building security tools and secure production systems with Go, Python, JavaScript
  • deep experience with HashiCorp Vault for enterprise-scale secrets management
Job Responsibility
Job Responsibility
  • Build secure AI products
  • conduct penetration testing and vulnerability research
  • design automated security solutions
  • identify and mitigate AI-specific vulnerabilities
  • lead security practices in development lifecycles
  • mentor engineers on secure coding practices.
What we offer
What we offer
  • 27 days annual leave plus bank holidays
  • discretional annual performance-related bonus
  • private medical care and life insurance
  • employee assistance program
  • pension plan
  • paid parental leave
  • special discounts for employees, family, and friends
  • Fulltime
Read More
Arrow Right

Application Security Engineer

Location
Location
Salary
Salary:
Not provided
ryzlabs.com Logo
Ryz Labs
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum 3-5 years of experience in secure software development, Security Architecture, threat modeling, or related roles
  • Relevant Professional certifications such as CISSP, OSCP, GWEB, CREST-CWAT or similar are highly desirable
Job Responsibility
Job Responsibility
  • Work as an internal security consultant to help product & engineering teams understand the security risk and advise them on best practices
  • Design and implement secure architecture solutions for applications and systems
  • Conduct threat modeling exercises to identify and mitigate potential security threats
  • Document and communicate threat modeling findings and recommendations
  • Perform periodic Security Assessments and code reviews to ensure compliance with SSDLC practices
  • Perform proactive research to detect new attack vectors and pentest internal and external apps
  • Implement security controls and best practices within CI/CD pipelines. Automate the security testing tools and processes within the CD/CI pipeline
  • Develop security tools and security metrics
  • Manage and Oversee vulnerability disclosure program by coordinating with external researchers to validate and triage reported vulnerabilities
  • Develop and maintain security standards and guidelines for application development
Read More
Arrow Right