Application Cybersecurity & Compliance Analyst

The Company
Hitachi Vantara, a wholly owned subsidiary of Hitachi, Ltd., helps data-driven leaders use the value in their data to innovate intelligently and reach outcomes that matter for business and society - what we call a double bottom line. Only Hitachi Vantara combines 100+ years of experience in operational technology (OT) and 60+ years in IT to unlock the power of data from your business, your people and your machines.

The Role

Our Cybersecurity Analysts are responsible for protecting applications, devices, networks, and data from cyber threats and attacks. As an Application Cybersecurity Analyst, your goal is to ensure the confidentiality, integrity, and secure availability of our software applications. As an information security subject matter expert, you will be working directly within our Product Management Organization and participate in regular reviews of product and platform cyber resilience. You will be working proactively with product and engineering leaders to ensure compliance with OWASP standards across all software engineering scrum teams. A coding challenge will be required during the application process, should you be selected to move forward. Professional development support will be provided for the successful candidate to complete and maintain GICSP or CISSP designations, where self-study is encouraged.

ABOUT US

Our goal is to deliver mission critical enterprise and industrial software to our customers worldwide, This is a dynamic, multi-faceted field where customers are seeking not only new cyber security functionality within our products and additional cyber service offerings, but also continuously improve the cyber security posture of these mission critical software products and ensure they have been implemented in a secure manner, according to industry recognized standards such as OWASP, NIST and EU's Network & Information Systems Directive.

ABOUT YOU

You will be seeking to transcend your prior experience within application security to ensure that software products you will be assigned to ensure documented evidence is produced to verify compliance with industry standards. Producing written documentation is a key part of this role in. During the interview process the successful candidate will be able to demonstrate their ability to communicate with engineering leaders and internal stakeholders to continuously improve the cyber security posture of software products.

Desired Skills & Experience

* A minimum 5 years of progressive application security vulnerability experience, including experience working with SaaS cloud hosted software platforms and in one or more of the following: Enterprise Linux, Windows, Virtualization, Docker containers, Kubernetes, Networking
* Strong understanding of information security concepts, principles, and best practices and security frameworks and standards (e.g., OWASP, NIST, ISO, CIS Benchmarks) and their implementation.
* Familiarity with a variety of technical cyber security standards, how they are applied to software systems, and how compliance should be demonstrated and be documented for internal and external stakeholders.
* Ability to take one product or solution's template for successes and translate it into a repeatable recipe that other products can use to succeed in the same area.
* Ability to identify improvements and document changes that show continuous improvements to the cyber security posture of software products.
* Experience with Azure AD, AWS IAM, OKTA, Auth or other Identity Provider technologies.
* Breadth of knowledge, with some depth of proficiency in each, across technical aspects of cyber security: TCP/IP packet security, Firewall, IDS/IPS, Operating System Security (Linux, Windows), Vulnerability Assessment tools (e.g., Metasploit)
* Previous experience working with Open-Source package security; OSS CVE scanners, such as JFrog Xray; SBOMs; setting up and performing analytics on data.
* Basic programming and scripting skills (e.g., Python, PowerShell, JavaScript, SQL) to automate security tasks and analyze data.
* Familiarity with Lean, Agile development, and/or Scaled Agile Framework.

What will give you a competitive edge (Preferred Skills, Experience & Qualifications):
* Experience creating and implementing standards, policies, procedures and practices for large enterprises.
* Successful experience working with product and engineering teams to inform and demonstrate cyber security aspects for any software application/product/system/solution to using multiple sources of evidence (documentation, scanning, demo system/playpit, co-workers, etc.)
* Ability to think critically and innovatively about the security solutions that can keep data safe while still allowing the business to move quickly.
* Familiarity with networking concepts, protocols, and security measures (e.g., TCP/IP, firewalls, VPNs).
* Familiarity with cloud computing security concepts and practices.
* Understanding of common cybersecurity threats and attack vectors (e.g., malware, phishing, DDoS).
* Experience using security tools such as SIEM, antivirus, ISPS, and vulnerability scanners.
* Ability to identify and mitigate network vulnerabilities and explain how to avoid them to others.
* Awareness of web application security and common vulnerabilities (e.g., OWASP Top Ten).
* Strong analytical and problem-solving skills to investigate and remediate security incidents and anomalies.
* Excellent communication skills to collaborate with other team members and explain security issues to non-technical stakeholders.
* Ability to effectively communicate with customers, engineering leaders and internal stakeholders to continuously improve the cyber security posture of software products.
* Successful experience developing useful open-source security metrics that can be used to inform decision making.
* Ability to keep up with the evolving threat landscape and learn new security technologies.

Our Company
Hitachi Vantara is part of the Global Hitachi family. We balance innovation with an open, friendly culture and the backing of a long-established parent company, known for its ethical reputation. We guide customers from what's now to what's next by unlocking the value of their data and applications to solve their digital challenges, achieving outcomes that benefit both business and society.
Our people are our biggest asset, they drive our innovation advantage, and we strive to offer a flexible and collaborative workplace where they can thrive. Diversity of thought is welcomed, and our employee base is represented by several active Employee Resource Group communities. We offer industry leading benefits packages (flexible working, generous pension, and private healthcare) and promote a creative and inclusive culture. If driving real change gives you a sense of pride and you are passionate about powering social good, we'd love to hear from you.

Our Values
We are proud to say we are an equal opportunity employer and welcome all applicants for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status. With Japanese roots going back over 100 years, our culture is founded on the values of our parent company expressed as the Hitachi Spirit:
Wa - Harmony, Trust, Respect
Makoto - Sincerity, Fairness, Honesty, Integrity
Kaitakusha-Seishin - Pioneering Spirit, Challenge