Cyber Security Engineer

Cyber Security Engineer

This role has been designed as ‘‘Onsite’ with an expectation that you will primarily work from an HPE office.

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next.

We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.

We are seeking a Cyber Security Engineer to partner directly with software engineering and product teams to build security into the full development lifecycle. In this role, you will help design, implement, and operationalize security controls across CI/CD pipelines, cloud infrastructure, and application architectures. You will work as a hands‑on security engineer and trusted advisor—driving measurable improvements in vulnerability reduction, secure design practices, and release quality.

• Partner with product engineering teams to embed security practices into the software development lifecycle, from design through deployment.
• Define and maintain security patterns for common platform components (APIs, services, identity, secrets, data storage).
• Provide actionable remediation guidance for engineering teams, aligned to business risk and delivery timelines.

• Manage and triage findings across:
  • SAST / SCA
  • Container and artifact scanning
  • Secret scanning
  • DAST (where applicable)
  • Malware
  • Cloud security posture and configuration findings
• Drive consistent risk scoring, prioritization, and remediation tracking aligned to SLAs.
• Validate fixes through testing and evidence‑driven verification.

• Integrate security tooling and controls into CI/CD pipelines with a focus on automation and developer usability.
• Improve pipeline outcomes by reducing false positives and creating security guardrails that scale.
• Build automation and scripts for security testing, enforcement, metrics, and reporting.

• Assess and advise on security controls for:
  • IAM and access policies
  • Network segmentation and security groups
  • Encryption and key management
  • Logging and monitoring
• Support containerized and orchestrated environments (Kubernetes).

• Partner with security operations teams on incident response support for product‑owned services.
• Assist in root cause analysis and drive remediation actions that prevent recurrence.
• Contribute to security standards, runbooks, and operational readiness.

• Help define and maintain security requirements aligned to enterprise standards such as:
  • NIST 800‑53 / 800‑171
  • ISO 27001/27002
  • CIS Benchmarks/STIG
  • OWASP Top 10
  • GDPR
  • EU CRA
• Support audit and compliance readiness by assisting with evidence generation and control validation for product environments.

• 7+ years in security or IT roles.
• 3+ years of hands‑on experience in cybersecurity engineering, product security, Dev Sec Ops , or secure platform engineering.
• Strong understanding of common application security risks and mitigations (OWASP Top 10, secure coding patterns).
• Experience integrating security scanning into CI/CD pipelines (Git Hub Actions, Git Lab CI, Jenkins, Azure Dev Ops, etc.).
• Working knowledge of cloud security fundamentals (AWS, Azure, or GCP).
• Experience in at least one scripting/programming language (Python, Go, Java, JavaScript/Type Script, or similar).
• Ability to communicate security risk clearly and pragmatically to engineering teams and technical leadership.

• Experience with container and Kubernetes security (image scanning, admission controls,…