Hitachi Vantara, a wholly owned subsidiary of Hitachi, Ltd., helps data-driven leaders use the value in their data to innovate intelligently and reach outcomes that matter for business and society - what we call a double bottom line. Only Hitachi Vantara combines 100+ years of experience in operational technology (OT) and 60+ years in IT to unlock the power of data from your business, your people and your machines. We help enterprises store, enrich, activate and monetize data for better customer experiences, new revenue streams and lower business costs.
The Role
Hitachi Vantara seeks a passionate and talented Senior Application Security Analyst to join our Enterprise Security team and partner with Hitachi Vantara business groups to best understand the organization's needs and how they relate to our global information security posture. In this role you will report to the Director, Security Architecture and will lead the technical scoping of security testing activities and execute application security analysis against Hitachi Vantara applications, services and/or infrastructure.
You will be working very closely with the IT and product teams to assess our security, make recommendations, and suggest solutions. The individual will be responsible for uncovering security flaws in a diverse set of technologies. As part of that role, the individual will communicate observations to the Enterprise Security and IT Application Owners, endeavor to meet Engineers' expected outcomes, and ensure the timely delivery of project milestones.
The right individual will have the opportunity to guide our IT's long-term security strategy and contribute to the overall growth and maturity of Hitachi Vantara applications. The candidate will act independently, as well as collaboratively with engineers, peers, partners, and managers from IT and multiple organizations to ensure technical excellence and satisfaction.
Responsibilities
- Conduct testing across Hitachi Vantara IT applications (Web/Thick client/Mobile/API) hosted on-premises and in public cloud environments (Azure and AWS) and/or infrastructure.
- Serve as the security SME for IT Applications penetration testing.
- Conduct vulnerability research and utilize off-the-shelf exploits.
- Be a master of identifying security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Engage at all points of Software Engineering projects to ensure security controls and proper risk management practices are implemented, including secure coding, code review, code application scanning as part of the quality process.
- Lead root cause analysis processes based on information about the engineering groups' processes, technology, and maturity.
- Lead cross functional project calls and planning sessions.
- Communicate across functional areas and update project statuses to keep project teams informed of progress and/or significant changes.
- Demonstrate ability to successfully distill complex technical information into clear, concise yet comprehensive communication material.
- Understand the fundamental company security and risk management strategy and be able to apply that as a fundamental pillar of the transformation strategy.
- Minimum 5 years of application security testing, including a fair degree of security engineering knowledge.
- Bachelor's degree or equivalent experience and training.
- Ideally an industry-recognized certification: AWS Security, Azure Security, OSCP, OSCE or alternative.
- Experience with security testing tools (Burp Suite, AppScan, WebInspector, SQLMAP, Kali, etc.)
- Experience with securing public cloud deployments and distributed systems using public cloud hosting, including AWS and Azure.
- Expertise in developing and implementing one or more of the following: Identity and Access Management, SSO, SAML, OpenID, OAuth2 or 2FA technologies.
- Experience writing automation to help scale security testing at AWS.
- In-depth knowledge of threat modeling, network security, cryptography, authentication, authorization and RBAC.
- Experience with implementing common security frameworks and controls in highly automated environments, especially in CI/CD environments.
- Strong understanding of application security patterns including web application security (OWASP Top 10, XSS, injection vulnerabilities, CSRF, platform security hardening), and mobile security (device fingerprinting, mobile authentication and key exchange) strategies.
- An ability to script or customize attack code as needed is a plus.
- Ability to assist in coding of custom automations of security tasks is a plus.
- Able to communicate risks and recommendations to Senior Leadership and management.
- Demonstrate leadership, including the ability to influence all levels of management towards a common goal.
- Ability to facilitate meetings with strong presentation skills and ability to quickly discern differing points of view versus derailing points of view.
All qualified applicants will receive consideration for employment without regard to race, color, religion, place of origin, ethnic origin, national origin, ancestry, age, sex, sexual orientation, gender identity, transgender status, genetic information, mental or physical disability, marital status, pregnancy, veteran status, or any other characteristic protected by applicable national, state, or local law.