Role Description This role has been designated as ‘Remote/Teleworker’, which means you will primarily work from home. This role is not a hands-on security engineering or SOC position. Hewlett Packard Enterprise (HPE) is seeking a Program Manager – Product Security Governance to drive execution of secure software development (SSDF), regulatory readiness (EU Cyber Resilience Act), and internal security governance initiatives within the Networking Business Unit. This role is responsible for end-to-end program coordination, execution tracking, and governance delivery across multiple cross-functional teams. The Program Manager will partner closely with security engineering, product, and development teams to ensure security and compliance requirements are consistently implemented across the software development lifecycle. This is an execution-focused program role centered on driving accountability, visibility, and operational rigor, rather than building security tools or performing hands-on engineering work. MUST Be a US Citizen Key Responsibilities: - Drive execution of security governance programs aligned to SSDF, EU CRA, and related regulatory requirements - Own coordination across engineering, product management, security, and governance stakeholders to ensure alignment on deliverables, timelines, and dependencies - Manage program tracking for application security initiatives, including asset tracking and security posture visibility - Lead documentation efforts required for product classification, regulatory compliance, and governance audits - Track and manage program milestones, risks, dependencies, and action items using tools such as Excel, JIRA, and Confluence - Drive regular program reviews, status reporting, and stakeholder updates to ensure transparency and accountability - Identify risks, gaps, and blockers proactively and drive resolution across teams - Establish and maintain program structure, processes, and reporting cadence to support scalable governance execution Qualifications - Bachelor’s degree in a technical field or equivalent practical experience - Minimum of 5 years of experience in program management, project management, or coordinated delivery within technical or engineering environments - Experience driving cross-functional initiatives related to security, compliance, governance, or SDLC processes is strongly preferred Requirements - Proven ability to independently manage complex, cross-functional programs - Strong communication, stakeholder management, and facilitation skills - Highly detail-oriented with strong problem-solving and execution capabilities - Ability to prioritize and manage competing priorities in a fast-paced environment - Proficiency with Excel for tracking, reporting, and data analysis - Experience working with JIRA and Confluence - Interest in developing deeper expertise in security governance and regulatory frameworks Benefits - Health & Wellbeing: A comprehensive suite of benefits that supports physical, financial, and emotional wellbeing. - Personal & Professional Development: Programs catered to helping you reach your career goals. - Unconditional Inclusion: A commitment to inclusivity and valuing varied backgrounds.

Role Description This is a fully remote role based in the United States. As a member of Talos, you will support cutting-edge detection and mitigation technologies. You will work towards keeping yourself abreast of the latest industry threat creation and defense techniques, and you will develop proof-of-concept solutions, provide domain expertise, and guide implementation to facilitate successful security posture in Cisco’s products. If you enjoy vulnerability research, crash analysis, reverse engineering, and researching new techniques and writing tools to automate these tasks, this job is for you! Your Impact - Security research including development of tools for vulnerability analysis and mitigation. - Development of static and run-time analysis tools to figure out root cause and input conditions related to a vulnerability. - Vulnerability triage and proof of concept exploit development to support the creation of detection content. - Write detailed technical reports, summaries, and testing methodologies. - Research emerging technologies, protocols, and testing methodologies. - Develop proof of concept exploits for testing vulnerability mitigations. - Perform patch analysis to find and trigger vulnerabilities. - Reverse engineer binary applications, protocols, and formats. - Analyze vulnerabilities and emerging security threats and technologies. - Provide critical security-focused expertise to engineering organizations. Qualifications - 3+ years of experience in vulnerability research or a closely related area such as exploit or mitigation development on Linux Systems. - 3+ years’ experience with C/C++, and a scripting language (e.g., Python), and assembly (e.g., x86/x64, ARM, etc.). Requirements - Bachelor’s degree or equivalent in Computer Science, Electrical Engineering, Cyber Security, or other tech-related degree. - Experience with Linux internals. - Experience with binary auditing and reverse engineering, and with related tools such as IDA Pro, Binary Ninja, Ghidra, etc. and with plugin development. - Experience with common vulnerabilities and methods of exploitation, such as memory corruption, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc. - Knowledge of common file formats, network protocol structures, and enterprise networking architecture. - Ability to work independently with minimum supervision and to tackle additional tasks as the need arises. Benefits - Medical, dental and vision insurance. - 401(k) plan with a Cisco matching contribution. - Paid parental leave. - Short and long-term disability coverage. - Basic life insurance. - 10 paid holidays per full calendar year, plus 1 floating holiday for non-exempt employees. - 1 paid day off for employee’s birthday, paid year-end holiday shutdown, and 4 paid days off for personal wellness determined by Cisco. - Non-exempt employees receive 16 days of paid vacation time per full calendar year, accrued at rate of 4.92 hours per pay period for full-time employees. - Exempt employees participate in Cisco’s flexible vacation time off program, which has no defined limit on how much vacation time eligible employees may use (subject to availability and some business limitations). - 80 hours of sick time off provided on hire date and each January 1st thereafter, and up to 80 hours of unused sick time carried forward from one calendar year to the next. - Additional paid time away may be requested to deal with critical or emergency issues for family members. - Optional 10 paid days per full calendar year to volunteer. - Employees may be eligible to receive grants of Cisco restricted stock units, which vest following continued employment with Cisco for defined periods of time.

• Collaborate on designing secure-by-default patterns for LLM integration and workflows • Lead security architecture reviews for MCP integrations • Build and operate AI threat modeling and red teaming capabilities • Engineer secure data pipelines for AI systems • Partner with IT, Information Security, and practice group leaders to evaluate AI vendor integrations • Develop and maintain security standards and engineering guardrails for AI development • Maintain compliance with all company policies and procedures

• Establish and evolve cloud and platform security hardening standards across AWS, Kubernetes, CI/CD, and SaaS platforms • Translate infrastructure architecture into clear, actionable security expectations — and validate they work in practice • Define and enforce least-privilege access models across cloud and Kubernetes identity boundaries • Secure CI/CD systems including federated identity, secrets handling, and environment protections • Validate network security controls and segmentation across the platform estate • Track and report platform security posture using meaningful risk-based metrics • Author reference architectures and decision records that engineering teams can operationalize • Partner closely with DevOps, SRE, and Engineering as the primary platform security authority