CrawlJobs Logo
Cr

Product Security Engineer

https://www.hpe.com/ Logo

Hewlett Packard Enterprise

Location Icon

Location:
United States, Remote

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Employment contract

Salary Icon

Salary:

101900.00 - 234500.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

The Senior Security Engineer/Threat Researcher position will be part of Aruba Threat Labs, an internal product security group focused on researching and improving the security of HPE Aruba Networking's products, the company’s secure development practices, and the company’s vulnerability disclosure processes.

Job Responsibility:

  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers.

Requirements:

  • B.S. or M.S. in software engineering, computer science, cybersecurity, or a related field (or equivalent experience)
  • 7+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF, and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders
  • Effective problem-solving skills and a strong attention to detail
  • Ability to work independently and collaboratively within a geographically distributed team
  • Due to the nature of the role, must be a US Citizen or a Green Card holder.

Nice to have:

  • Experience with fuzzing frameworks (e.g., AFL, libFuzzer) and advanced static analysis tools
  • Experience with reverse engineering firmware, embedded systems, or IoT devices
  • Familiarity with secure development lifecycles (SDLC) and DevSecOps practices
  • Knowledge of modern cloud architectures and security concerns in cloud-native applications
  • Experience contributing to or managing open-source security projects
  • Certifications such as OSCP, OSWE, or GREM.
What we offer:
  • Comprehensive suite of benefits that supports physical, financial, and emotional wellbeing
  • Specific programs catered to helping employees reach career goals
  • Inclusive working environment.

Additional Information:

Job Posted:
June 13, 2025

Employment Type:
Fulltime
Work Type:
Remote work
Icon
View All Jobs In This Company
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon
Welcome to CrawlJobs.com
Your Global Job Discovery Platform
At CrawlJobs.com, we simplify finding your next career opportunity by bringing job listings directly to you from all corners of the web. Using cutting-edge AI and web-crawling technologies, we gather and curate job offers from various sources across the globe, ensuring you have access to the most up-to-date job listings in one place.
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs
Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs
Company
About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
© 2025 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy

We use cookies to enhance your experience, analyze traffic, and serve personalized content. By clicking “Accept”, you agree to the use of cookies.