Senior Offensive Security Engineer

About The Role

As an Offensive Security Engineer within HP IQ’s Product Security team, you will partner closely with engineering teams to identify, validate, and mitigate security risks across the product lifecycle. You’ll influence design decisions, embed security into development workflows, and continuously assess attack surfaces to guide and enhance secure development.

What You Might Do

• Lead penetration tests and security assessments for product and feature releases.
• Conduct continuous security engagements, proactively identifying vulnerabilities and driving remediation to closure.
• Advise engineering and product teams on remediation strategy, validating fixes and tracking measurable improvements to security posture over time.​​​​​​​​​​​​​​​​
• Assess attack surfaces across internet-facing services, APIs, and device interfaces (Wi-Fi, BLE, USB).
• Perform threat modeling and security architecture reviews that directly shape product decisions.
• Define and lead end-to-end risk reduction initiatives with internal and external stakeholders, aligning offensive findings to strategic security investments.​​​​​​​​​​​​​​​​
• Shape the offensive security roadmap, defining assessment scope, tooling, and methodology standards.

Essential Qualifications

• 5+ years of experience as an offensive security engineer or equivalent.
• Experience threat modeling (e.g., STRIDE) and mapping adversary techniques (e.g., MITRE ATT&CK).
• Expertise in identifying and exploiting common vulnerabilities (e.g., OWASP Top 10, SANS 25).
• Hands-on experience testing embedded systems, firmware, and device software, including bootloader security, OS hardening, and low-level interface exploitation (e.g., JTAG, UART, SPI/I2C).
• Demonstrated experience with hardware-assisted attack techniques such as fault injection, side-channel analysis, and glitching, using tools like ChipWhisperer, OpenOCD, Ghidra, Binwalk. 
• Proficiency in at least one modern language (Go, Python, Java, or TypeScript), applied to building offensive tooling, exploits, or automation.
• Ability to communicate security findings, risk posture, and strategic recommendations to both engineering teams and executive stakeholders.

Preferred Skills

• • Experience securing AI products or edge-connected systems at scale.
  • Experience building or maturing an offensive security practice within a product-focused organization. 
  • Experience validating technical controls to meet compliance standards such as SOC 2, ISO 27001, or PCI DSS. 
  • Experience formalizing secure-by-design standards across diverse environments, including applications, cloud services, and device software, translating principles into enforceable controls and engineering patterns.​​​​​​​​​​​​​​​​
  • Security research background with demonstrated findings, CVE disclosures, or public contributions to the offensive security community.
  • Track record of driving cross-functional security outcomes without direct authority, including aligning engineering and product roadmaps to offensive findings.​​​​​​​​​​​​​​​​

Salary: $180,000- $250,000