Product Security Incident Response Engineer

Product Security Incident Response EngineerDescription -In this role, we will look to you to bring your subject matter expertise to manage complex product security incidents from end to end. As part of HP Cybersecurity’s Product Security Response Team, you will use your security expertise to identify product security incidents, use your technical skills to reproduce the issue, use your communication skills to brief product teams, legal teams, and executives, test proposed remediations, and work with stakeholders and security researchers to coordinate public disclosures.Responsibilities:Monitors intake funnels for security incidents.Uses security knowledge and hands-on experience to reproduce reported vulnerabilities and test proposed remediations.Uses excellent verbal and written communication skills to brief stakeholders.Uses tested leadership skills to ensure proper coordination between product, application, legal, and executive teams.Uses excellent case management skills to ensure each case progresses towards a resolution.Experience Required:Solid understanding of MITRE CVE framework and CVSS scoring methodology.Experience triaging and scoring product security vulnerabilities.Technical Cyber Security Certification through one of the recognized bodies preferred: SANS, ISACA, (ICS)2, CompTIA, Cisco, CERT etc.5+ years of relevant experience.Knowledge and Skills:Advanced Cyber and IT security knowledge.Advanced understanding of Cyber and IT security risks, threats, and prevention measures.Advanced understanding of relevant programming and scripting languages (Perl, Python, PowerShell, HTML, JavaScript, etc.).Experience with debuggers such as IDA Pro, OlyDBG  is a plus, but not required.Advanced security system analysis skills.Advanced understanding of security standards and best practices.Advanced risk assessment and management skills.Advanced understanding of networking and network security.Advanced understanding of network monitoring and protocols.Advanced understanding of one or more of the following:Off-the-shelf vulnerability assessment products and tools.Network security devices (firewalls, proxies, NIDS/NIPS, etc.).Platform and application-layer penetration testing techniques.Adversary techniques, tactics, and protocols and related countermeasures.Dynamic and static malware analysis techniques.Network security monitoring.Memory analysis techniques.Malware reverse engineering techniques.Digital Forensics.Where legally permitted, an offer of employment is conditional upon you providing proof that you are fully vaccinated against COVID-19 (as defined by the CDC) as of your first day of employment.HP is an equal opportunity employer:   https://tbcdn.talentbrew.com/company/3544/v1_0/PDFs/HP%20Inc%20EEO%20Policy%20Statement%202017_Final_signed.pdf#LI-PostJob -Information TechnologySchedule -Full timeShift -No shift premium (United States of America)Travel -25%Relocation -Not SpecifiedEEO Tagline - HP Inc. is EEO F/M/Protected Veteran/ Individual with Disabilities.