Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Technology, CybersecurityIndustries
Requirements
- Experienced application security professional with strong grasp of software architecture and secure SDLC principles
- Ability to analyze complex architectures, identify design-level risks, and provide clear, actionable recommendations
- Awareness of AI/ML and LLM integration risks, such as model input validation, prompt injection, and data handling
- Thrive in collaboration with developers, architects, and engineering teams to make secure design decisions practical, scalable, and developer-friendly
Responsibilities
- Defining and maintaining secure application architecture patterns, reference designs, and reusable components across enterprise and cloud-native ecosystems
- Performing architecture risk assessments and threat modeling for major application programs, APIs, and platforms
- Leading adoption of Web Application and API Protection (WAAP) controls and Application Security Posture Management (ASPM) tools to enable continuous risk visibility and compliance
- Embedding security controls in SDLC and CI/CD pipelines, including SAST, DAST, SCA, IaC, and container scanning
- Designing and governing security for Kubernetes-based and containerized workloads, including service mesh and runtime protection
- Developing and enforcing standards for API and microservices security, including authentication, authorization, and token lifecycle management (OAuth2, OIDC, mTLS)
- Establishing secure-by-default configurations for CI/CD and GitOps pipelines (e.g., ArgoCD, Flux, Jenkins, GitHub Actions)
- Partnering with engineering teams to design secure cloud-native and hybrid architectures across AWS, Azure, and GCP
- Providing security guidance for applications leveraging AI/ML or LLM capabilities, such as input/output sanitization, model integrity, and data protection
- Establishing application security KPIs, governance models, and maturity metrics
- Contributing to security architecture practice for applications, APIs, digital platforms, and AI-enhanced systems
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
Is this role remote or onsite?
This role is designed as ‘Onsite’ with an expectation that you will primarily work from an HPE office.
What is the salary for this position?
This information is not specified in the job description.
What skills are required for the AppSec & AI Security Architect role?
Required skills include experience in application security, software architecture, secure SDLC principles, architecture risk assessments, threat modeling, and awareness of AI/ML risks like prompt injection and data handling.
What is the company culture like at HPE?
HPE's culture thrives on finding new and better ways to accelerate what’s next, values varied backgrounds, offers flexibility to manage work and personal needs, embraces bold moves together, and supports career growth.
What makes a strong candidate for this role?
A strong candidate is an experienced application security professional who excels at analyzing complex architectures, providing actionable recommendations, and collaborating with developers and engineering teams to implement practical, scalable secure designs, with knowledge of AI/ML risks.
Hewlett Packard Enterprise
Provides enterprise IT solutions and services
About Hewlett Packard Enterprise
Hewlett Packard Enterprise provides enterprise IT solutions with a focus on cloud services, artificial intelligence, and edge computing. Their products include HPE Ezmeral for managing containers, HPE GreenLake for cloud services, and HPE Aruba for networking. These solutions help businesses improve their performance and adapt to digital changes. HPE's business model includes selling hardware, software, and services, as well as offering subscription-based services and long-term contracts. What sets HPE apart from competitors is its commitment to open-source projects and its active developer community, which supports collaboration and innovation. The company's goal is to empower organizations to transform digitally and optimize their operations.
Houston, TexasHeadquarters
1939Year Founded
IPOCompany Stage
Hardware, Enterprise Software, AI & Machine LearningIndustries
10,001+Employees
Risks
Integration challenges with Juniper Networks may delay AI-driven networking benefits.
Competition from startups like Flywheel could impact HPE's AI and cloud services.
HPE's acquisition strategy may strain resources and distract from core operations.
Differentiation
HPE's GreenLake offers a unique hybrid cloud platform for diverse IT environments.
HPE Ezmeral provides advanced container management, enhancing enterprise AI and analytics capabilities.
HPE's Aruba solutions integrate cloud security and networking for seamless, secure connectivity.
Upsides
HPE's acquisition of Juniper Networks boosts AI-driven innovation in networking.
OpsRamp acquisition enhances HPE's IT management with AI-based automation capabilities.
Axis Security integration strengthens HPE's cloud security offerings with SASE solutions.
Related Jobs
RemoteRemoteSenior Software Engineer, Supply Chain Security
Docker$189,600 - $260,700/year
- Full Time
- Senior (5 to 8 years)
RemoteSolutions Architect, AI/ML
Snowflake$128,000 - $178,500/year
- Full Time
- Senior (5 to 8 years)
RemotePrincipal DevSecOps Engineer
Second Front SystemsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Architect
EarnestSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSoftware Architect
CrowdboticsSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteEnterprise Architect
AdobeSalary not specified
- Full Time
- Expert & Leadership (9+ years)