Hitachi Vantara, a wholly owned subsidiary of Hitachi, Ltd., helps data-driven leaders use the value in their data to innovate intelligently and reach outcomes that matter for business and society - what we call a double bottom line. Only Hitachi Vantara combines 100+ years of experience in operational technology (OT) and 60+ years in IT to unlock the power of data from your business, your people and your machines. We help enterprises store, enrich, activate and monetize data for better customer experiences, new revenue streams and lower business costsThe Role
Hitachi Vantara seeks a passionate and talented Penetration Tester to join our Product and Service Security team and partner with Hitachi Vantara business groups to best understand the organization's needs and how they relate to our global information security posture. In this role you will report to the Director, Security Architecture and will lead the product and service security testing activities and execute penetration testing against Hitachi Vantara products, services and/or infrastructure supporting the cloud-based services.
You will be working very closely with the products and services teams to assess our security, make recommendations, and suggest solutions. The individual will be responsible for uncovering security flaws in a diverse set of technologies. As part of that role, the individual will communicate observations to the Enterprise Security and Product Engineer teams, endeavor to meet Engineers' expected outcomes, and ensure the timely delivery of project milestones.
The right individual will have the opportunity to guide our Product Engineers' long-term security strategy and contribute to the overall growth and maturity of Hitachi Vantara services. The candidate will act independently, as well as collaboratively with engineers, peers, partners, and managers from IT and multiple organizations to ensure technical excellence and satisfaction.Responsibilities
- Conduct penetration testing across Hitachi Vantara products and services hosted on public cloud environment (Azure, AWS and GCP) and/or infrastructure.
- Conduct Penetration testing of Kubernetes native and migrated applications and services.
- Conduct Penetration testing of datalakes and big data products and service offerings.
- Conduct vulnerability research and utilize off-the-shelf exploits.
- Document penetration test results and remediation requirements.
- Be a master of identifying security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Engage at all point of Software Engineering project to ensure Security controls and proper risk management practices are implemented including secure deployment, code review, code application scanning as part of the quality process.
- Lead root cause analysis processes based on information about the engineering groups processes, technology, and maturity.
- Communicate across functional areas and update project statuses to keep project teams informed of progress and/or significant changes.
- At least Bachelor's degree.
- Minimum 8 years of penetration test and/or secure development and devsecops experience.
- Minimum 5 years of experience with securing public cloud deployments and distributed systems using public cloud hosting, including GCP, AWS or Azure.
- Deep understanding of attack and defense of Kubernetes, Istio, Docker workloads.
- Understanding of attack surfaces and hardening of big data systems (hadoop, spark, kafka, druid, etc).
- Understanding of Enterprise customer cloud security requirements and standards
- Experience with security testing tools (Burp suite, Metasploit, Kali toolsets, etc.) and modern administration, development, and management tools to be manipulated in attacks
- In depth knowledge of attacking and how to remediate attack vectors related to network security, cryptography, authentication, and authorization.
- Experience with implementing common security frameworks and controls in highly automated environments, especially in CI/CD environments; experience attacking supply chains for CI/CD environments.
- Expertise in developing and implementing one or more of the following: Identity and Access Management, SAML, Open ID Connect, OAuth2 or 2FA technologies.
- Ability to script or customize attack code a needed.
- Broad technical background in infrastructure and cloud with the ability to interpret technical specs and architect solutions.
- Ability to assist in coding of custom automations of security tasks and writing automation to help scale security testing at AWS, Azure or GCP is a plus.
- Able to create professional documentation of findings and communicate risks and recommendations to Senior Leadership and management.
- Public Cloud (AWS, Azure, GCP) Security certifications.
We are an equal opportunity employer. All applicants will be considered for employment without attention to age, race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.