Meet our Team
We represent Hitachi Vantara to enterprise clients across industries, establishing business relationships to understand customer challenges so that we can deliver profitable business for Hitachi products, services, and solutions. We collaborate as a team and cross-functionally to ensure the success of our customers; success that is celebrated and shared. Our solutions bring value to every line of business, and we need people like you to build those deep relationships and to passionately articulate our value proposition. What you'll be doing
What you bring to the team
- Responsible for the design and development of innovative security architectures for protecting data deployed in Cloud service providers.
- Assess day-to-day monitoring of IT security systems by reviewing end customer security alerts and logs.
- Assess how customer teams investigate security alerts and handle incident response.
- Document security processes and procedures for end customers and operations teams.
- Collaborate with InfoSec and Global Cloud Operations personnel in analysis, discovery, and containment of cyber security incidents.
- Provide expertise and support in deployment of security measures and understand information security management.
- Provide guidance for a strong security posture in direct interaction with DevOps teams in deployment of orchestration, automation, and security configuration management throughout the SDLC pipeline/process.
- Experience working with security assessment teams during testing to be able to convey findings to technical and non-technical audiences and analyze the results of vulnerability scans and/or penetration testing.
- Designing and implementing automated security processes and controls to increase operational effectiveness and to reduce manual processes.
- Interfacing with infrastructure and other teams throughout the organization with the objective to provide high quality and low friction, security operations services and compliance with internal and regulatory security standards
- Preparing and documenting standard operating procedures.
- Act as part of the incident response team providing troubleshooting, analysis and forensics when needed.
- Review solutions, recommendations, and risk documentations to minimize risk of implementation of recommended products, applications, and infrastructure
- Stay current on IT security trends, news, and standards.
- Ensure security components are managed and compliance is maintained throughout their lifecycle i.e. protection profiles, security groups, implementation of all resources following security guideline
- Audit, review and monitor Security: encryption, VPC Flow logs, security groups, routing tables, ACL's, Elastic IPs
- Assess that operational security is developed through the operating model design and ensure controls are developed to ensure compliance to security controls
- Vulnerabilities assessment and remediation plan
- Responsible for the creation of the security dashboard and reports
- Security Incident Management: incident response and SPOC for SOC
- Coordination of Penetration Testing activities including managing Amazon/Azure Requests
- Perform risk assessments of new Public Cloud capabilities that we want to operationalize and support creation of guides for application managers who want to use the service
- Register, track and update Public Cloud risks, gaps and remediation's in the IT360 tool
- Perform GxP assessment of AWS and Azure cloud Platform on Yearly basis
- Responsible for AWS Config Rules: Define monitoring, change, governance and compliance rules to implement with input from IAM Manager and Security Manager
- Make sure the alerts are checked within Azure security center
- Make sure services are implemented as per Design specifications
- Firewall change form approvals for Azure and AWS cloud changes
- Review/ Approval of IAM polices
Nice to have skills:
- 5+ years of IT experience with at least 3 years' experience working on cybersecurity.
- Experience implementing and administering AWS Cloud Security Posture Management (CSPM) & Cloud Workload Protection Platform (CWPP) tools - e.g., Prisma Cloud, Dome 9, Lacework etc.
- Solid understanding of security fundamentals as they pertain to AWS Cloud Security and Compliance.
- Strong working knowledge and experience with log analysis using a SIEM including writing and tuning rules for alerts, reading and interpreting logs from various platforms including Linux, Windows, and networking appliances.
- Experience using IT security systems and SIEM tools like Azure Sentinel, Rapid7, SumoLogic, Guard Duty, ELK, Splunk, LogRythm, etc., EDR and Anti-Malware technology and platforms.
- Experience with threat model, network security, cryptography, authentication, authorization and RBAC.
- Solid understanding and experience with securing public cloud deployments and distributed systems using public cloud hosting, including AWS, Azure
- Knowledge of data encryption techniques.
- Experience in Cloud audit, review and monitor Security: encryption, VPC Flow logs, security groups, routing tables, ACL's, Elastic IPs
- Experience creating BOTS
Type of Project (Development/Support/Migration/Upgrade/etc....):
- Self-motivated, energetic individual who is passionate and outcome focused with the ability to learn with a strong work ethic and adapt quickly to changing environments and priorities.
- Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization Experience with security testing tools (Qualys, Nikto, Burp suite, Appscan, WebInspector, SQLMAP, Kali, etc.)
- Understanding of application security patterns including web application security (OWASP top 10, XSS, injection vulnerabilities, CSRF, platform security hardening), and mobile security (device fingerprinting, Mobile authentication, and key exchange) strategies.
- Knowledge of how to execute security testing (SAST, DAST and SCA) implemented via a CI/CD pipeline.
- Ability to assist in coding of custom automations of security tasks is a plus
- Ideally an industry recognized certification: AWS Security, Azure Security, SSCP, Security+, CISA, CCSK, CEH or alternative.
- Knowledge of scripts and languages such as Bash/PowerShell/Python/Go
- Excellent computer proficiency including JIRA, Salesforce, and MS Office - Word, Excel, Outlook, SharePoint
Support Shifts, If any:
None Client Interview (Yes/No) Our Company
Hitachi Vantara is part of the Global Hitachi family. We balance innovation with an open, friendly culture and the backing of a long-established parent company, known for its ethical reputation. We guide customers from what's now to what's next by unlocking the value of their data and applications to solve their digital challenges, achieving outcomes that benefit both business and society.
Our people are our biggest asset, they drive our innovation advantage, and we strive to offer a flexible and collaborative workplace where they can thrive. Diversity of thought is welcomed, and our employee base is represented by several active Employee Resource Group communities. We offer industry leading benefits packages (flexible working, generous pension and private healthcare) and promote a creative and inclusive culture. If driving real change gives you a sense of pride and you are passionate about powering social good, we'd love to hear from you. Our Values
We strive to create an inclusive environment for all and are open to considering home working, compressed/flexible hours and flexible arrangements. Get in touch with us to explore how we might be able to accommodate your specific needs.
We are proud to say we are an equal opportunity employer and welcome all applicants for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. With Japanese roots going back over 100 years, our culture is founded on the values of our parent company expressed as the Hitachi Spirit:
- Wa - Harmony, Trust, Respect
- Makoto - Sincerity, Fairness, Honesty, Integrity
- Kaitakusha-Seishin - Pioneering Spirit, Challenge