This job has expired
This position was posted on November 27, 2025 and is likely no longer accepting applications. We've kept it here for historical reference.

Job Overview
Location: Bangalore, Karnataka, India
Job Type: Full-time
Category: Software Engineering
Date Posted: November 27, 2025
Full Job Description
📋 Description
- Own the full lifecycle of advanced web and cloud penetration testing engagements—from initial scoping and threat modeling through exploitation, proof-of-concept development, remediation verification, and executive-level reporting—ensuring every engagement measurably reduces risk for HPE’s global customer base.
- Plan and execute sophisticated offensive security campaigns against modern web applications, REST/GraphQL APIs, authentication & authorization flows, and micro-service architectures built on React, Angular, Node.js, Java Spring, .NET Core, and serverless stacks.
- Perform targeted cloud penetration tests across AWS, Azure, and GCP, mapping complex IAM trust relationships, network segmentation, storage misconfigurations, container escape paths, and serverless privilege escalation chains that mirror real-world attacker tradecraft.
- Conduct deep-dive secure code reviews of application and infrastructure-as-code repositories (Terraform, CloudFormation, ARM, Pulumi) to uncover injection flaws, insecure deserialization, business-logic bypasses, and cryptographic weaknesses before they ever reach production.
- Build and maintain custom offensive tooling in Python, Go, or C/C++ to automate repetitive testing tasks, weaponize new exploits, and continuously raise the bar for detection evasion against WAF, IDS/IPS, EDR, and cloud-native guardrails.
- Partner with product engineering squads during design sprints to perform STRIDE-based threat modeling, embed security controls early in the SDLC, and translate complex attack narratives into actionable developer guidance and secure-by-design patterns.
- Drive post-engagement remediation verification, retesting vulnerable components, and producing reusable playbooks that empower defenders to detect and respond to similar attack paths across the enterprise.
- Contribute to HPE’s global threat intelligence by publishing CVEs, presenting at security conferences, releasing open-source tools, and mentoring junior testers through knowledge-sharing sessions and pair-hacking exercises.
- Influence strategic security investments by quantifying risk reduction, tracking repeat-finding trends, and presenting data-driven recommendations to senior leadership that shape future product roadmaps and security architecture decisions.
- Champion an inclusive, growth-oriented team culture where curiosity, creativity, and psychological safety enable everyone to push the boundaries of offensive security while staying firmly grounded in ethical, legal, and compliance guardrails.
🎯 Requirements
- Minimum 7 years of hands-on offensive security experience with a proven record of advanced web application and API penetration testing, including exploitation of authentication/authorization flaws, business-logic issues, and modern frameworks.
- Demonstrated expertise testing and exploiting workloads in at least one major cloud provider (AWS, Azure, or GCP) covering IAM, networking, storage, serverless, and infrastructure-as-code misconfigurations.
- Strong scripting and automation skills in Python, Go, or C/C++ for building proofs-of-concept, custom tooling, and scalable test harnesses.
- Experience performing secure code reviews and integrating findings into the SDLC via threat modeling, developer collaboration, and security-by-design recommendations.
- Nice-to-have: published CVEs, conference presentations, bug-bounty rankings, or open-source offensive security tools; familiarity with ML/AI attack surfaces such as prompt injection, model poisoning, and adversarial examples.
🏖️ Benefits
- Remote-first culture with flexible hours and the autonomy to balance work and personal life from any location in India.
- Comprehensive health, dental, and vision insurance plus mental-wellness programs and employee assistance plans for you and eligible dependents.
- Generous annual training budget, paid certification renewals (OSCP, OSWE, GPEN, GWAPT, CRTP), and access to HPE University for continuous professional growth.
- Global mobility programs, internal hackathons, patent incentive awards, and the opportunity to present research at leading security conferences worldwide.
About Hewlett Packard Enterprise Company
Hewlett Packard Enterprise Company provides enterprise technology solutions, including servers, storage, networking, hybrid cloud, and edge computing platforms. It serves businesses, governments, and service providers worldwide, offering infrastructure, software, and advisory services for data centers, high-performance computing, and AI workloads. The company also delivers financial services and lifecycle asset management to optimize IT investments.


