AppSec & AI Security Architect

AppSec & AI Security Architect

This role has been designed as ‘’Onsite’ with an expectation that you will primarily work from an HPE office.

Job Description:

About our Cybersecurity Team

Are you ready to make an impact at one of the world’s leading tech companies?

HPE’s Cybersecurity team is where you can do just that!

HPE’s Cybersecurity organization is where innovation meets trust. We’re looking for a seasoned Application Security Architect to join our Security Architecture practice, helping to secure the applications, APIs, and digital platforms that power HPE’s global business.

If you’re passionate about secure software design, enabling DevSecOps at scale, and shaping how security is embedded into enterprise and AI-enhanced applications, this is the role for you.

As an Application Security Architect at HPE, you’ll be responsible for defining and governing secure application architecture patterns, conducting design and threat reviews, and partnering with engineering and product teams to embed security-by-design into the development lifecycle.

You will primarily focus on application, API, and DevSecOps security, while also contributing to secure adoption of AI technologies where relevant, ensuring new AI-enabled systems meet enterprise standards for data protection, privacy, and model integrity.

About You

You are an experienced application security professional with a strong grasp of software architecture, and secure SDLC principles.

You can analyze complex architectures, identify design-level risks, and provide clear, actionable recommendations.

You also bring awareness of AI/ML and LLM integration risks, such as model input validation, prompt injection, and data handling.

You thrive in collaboration working with developers, architects, and engineering teams to make secure design decisions practical, scalable, and developer-friendly.

What you’ll do:

Key Responsibilities

• Defining and maintaining secure application architecture patterns, reference designs, and reusable components across enterprise and cloud-native ecosystems.

• Performing architecture risk assessments and threat modeling for major application programs, APIs, and platforms.

• Leading adoption of Web Application and API Protection (WAAP) controls and Application Security Posture Management (ASPM) tools to enable continuous risk visibility and compliance.

• Embedding security controls in SDLC and CI/CD pipelines, including SAST, DAST, SCA, IaC, and container scanning.

• Designing and governing security for Kubernetes-based and containerized workloads, including service mesh and runtime protection.

• Developing and enforcing standards for API and microservices security, including authentication, authorization, and token lifecycle management (OAuth2, OIDC, mTLS).

• Establishing secure-by-default configurations for CI/CD and GitOps pipelines (e.g., ArgoCD, Flux, Jenkins, GitHub Actions).

• Partnering with engineering teams to design secure cloud-native and hybrid architectures across AWS, Azure, and GCP.

• Providing security guidance for applications leveraging AI/ML or LLM capabilities, such as input/output sanitization, model integrity, and data protection.

• Establishing application security KPIs, governance models, and maturity metrics.

• Contributing to secure SDLC frameworks, DevSecOps enablement, and developer awareness programs.

• Mentoring engineers, developers, and junior architects in secure coding and secure design practices.

What you need to bring:

Education & Experience Requirements:

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or Engineering.

• 10+ years of experience in application or product security architecture, preferably in large enterprise or SaaS environments.

• Proven expertise in secure application and API design, cloud-native security, and DevSecOps enablement.

• Proven expertise in secure application and API design, WAAP, and ASPM solutions.

• Strong experience with Kubernetes (K8s), containerization, and service mesh architectures.

• Hands-on experience implementing or governing GitOps pipelines and policy-as-code frameworks (e.g., OPA/Gatekeeper, Kyverno).

• Knowledge of Zero Trust, data protection, and modern identity standards (OIDC, OAuth2).

• Familiarity with AI/ML security risks, model governance, and responsible AI adoption.

• Deep knowledge of OWASP ASVS, NIST CSF, ISO 27034, and CIS Controls.

• Desired Certifications: CISSP, CSSLP, SABSA, CCSP, CKA (Certified Kubernetes Administrator), or CCSK..

Impact:

• Strengthen HPE’s application and platform security posture across modern DevSecOps and GitOps ecosystems.

• Drive automation-first security through architecture, code, and continuous validation.

• Enable faster, safer software delivery by embedding security directly into developer and platform workflows.

• Support responsible and secure integration of AI and ML technologies into enterprise applications.

• Contribute to a unified Security Architecture practice advancing HPE’s global secure-by-design strategy.

#Cybersecurity

Accountability, Accountability, Action Planning, Active Learning, Active Listening, Agile Methodology, Bias, Business, Coaching, Creativity, Critical Thinking, Cybersecurity, Data Analysis Management, Data Collection Management (Inactive), Data Controls, Design Thinking, Development Methodologies, Empathy, Follow-Through, Growth Mindset, Implementation Methodologies, Infrastructure Design, Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity {+ 4 more}

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Job:

Information Technology

Job Level:

TCP_05

    

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

   

No Fees Notice & Recruitment Fraud Disclaimer

 

It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates.  These scammers often seek to obtain personal information or money from candidates.

 

Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process.  The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.