Services Trust and Assurance Engineer

Services Trust and Assurance Engineer

This role has been designated as 'Remote/Teleworker', which means you will primarily work from home.

Who We Are:

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work.

We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today's complex world.

Our culture thrives on finding new and better ways to accelerate what's next.

We know varied backgrounds are valued and succeed here.

We have the flexibility to manage our work and personal needs.

We make bold moves, together, and are a force for good.

If you are looking to stretch and grow your career our culture will embrace you.

Open up opportunities with HPE.

Job Description:

As HPE Aruba Networking's customers pivot to consume more of their networking capabilities as a service, the company must ensure that its service offerings are trustworthy, secure, and provide the necessary evidence of trustworthiness so that customers' compliance requirements are met.

The Security Service, Trust, and Assurance Engineer monitors and reports on security programs related to Aruba's customer-facing applications and services.

These services include HPE Aruba Networking Central, the HPE InstantOn portal, the HPE Networking Support Portal, SASE, and others.

This is an individual-contributor position, responsibilities of the position include:


* Working collaboratively with R&D teams developing software for Aruba services to ensure understanding and adoption of the NIST Secure Software Development Framework (SSDF / SP800-218) and achievement of desired maturity targets.

When gaps are identified, work with Engineering and Program Management to establish a plan to address the gaps, monitor remediation efforts, and oversee KPI achievement targets.


* Synchronize additional R&D requirements from other applicable assessment or regulatory frameworks such as SOC2, ISO 27001, FedRAMP, and PCI-DSS so that R&D teams receive a coherent set of requirements.


* Develop, plan, and execute a compliance and accreditation program for each customer-facing service based on customer needs.

Measure progress and program health and present this information in dashboard form for consumption by upper management and executive leadership.


* Engage third-party consultants, auditors, and assessors as necessary.


* Work with the HPE Privacy Office and the Chief Privacy Officer to ensure global privacy requirements are actively addressed.


* Interface regularly with HPE Global Security, SRE, and the HPE Transformation Office to execute a shared responsibility model for as-a-service governance and ensure Aruba's as-a-service program is effectively reflected in company governance activities.


* Serve as a coordinating function if and when security incidents occur, working alongside other fu...