Hewlett Packard Enterprise

Director of Application Security

Hewlett Packard Enterprise, Washington, District of Columbia, US, 20022

Hybrid work: 2 days per week from an HPE office

Overview

Director of Application Security leading enterprise application security strategy, building a high‑performing team, and driving security‑by‑design across HPE’s products and services.

Key Responsibilities

Define and execute the application security strategy aligned with business objectives and regulatory requirements.

Build, mentor, and grow a high‑performing Application Security team, fostering a culture of collaboration, innovation, and continuous improvement.

Act as a trusted security advisor to engineering and product executives, driving security‑by‑design principles across the organization.

Develop and mature secure software development programs, including secure SDLC, DevSecOps integration, code security reviews, static/dynamic analysis, SCA, open‑source risk management, and secure coding standards.

Establish policies, standards, and patterns that enable development teams to deliver secure products at scale.

Partner with engineering, DevOps, and cloud teams to embed security tooling into CI/CD pipelines and workflows.

Lead developer outreach efforts, building security champions programs and creating practical guidance for developers.

Engage with product management to incorporate security requirements and risk assessments into roadmaps.

Drive application security risk register integration, reporting visibility to senior leadership and the board.

Measure and report on program maturity and effectiveness using KPIs and KRIs.

Stay current on the evolving threat landscape, regulatory requirements, and industry best practices.

Qualifications

10+ years of experience in cybersecurity, with 5+ years leading an application security function.

Strong track record building and scaling application security programs in large, complex technology environments.

Deep expertise in secure software development practices, DevSecOps, CI/CD tooling, threat modeling, code analysis, and vulnerability management.

Knowledge of OWASP Top 10, SANS Top 25, and modern application security risks.

Executive presence and communication skills to influence engineering and business leaders.

Experience with risk management frameworks: NIST CSF, ISO 27001, SOX, GDPR, HIPAA, etc.

Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).

Preferred certifications: CISSP, CSSLP, or equivalent.

Benefits & Development

Comprehensive benefits supporting physical, financial, and emotional wellbeing.

Career development programs to help you reach any career goal.

Inclusive culture celebrating individual uniqueness.

Equal Employment Opportunity

Hewlett Packard Enterprise is an Equal Employment Opportunity/Veteran/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are based on qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together.

Fraud Disclaimer

HPE will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process. Verify any hiring agency that claims to be working with HPE for recruitment of talent. Any candidate who relies on fraudulent representations is at their own risk, and HPE disclaims liability for any damages or claims that may result from any fraudulent communication.
