Hitachi Vantara, a wholly owned subsidiary of Hitachi, Ltd., guides our customers from what's now to what's next by solving their digital challenges. Working alongside each customer, we apply our unmatched industrial and digital capabilities to their data and applications to benefit both business and society. More than 80% of the Fortune 100 trust Hitachi Vantara to help them develop new revenue streams, unlock competitive advantages, lower costs, enhance customer experiences, and deliver social and environmental value. The Role
Hitachi Vantara seeks a passionate and talented Senior Security Analyst to join our Enterprise Security team and partner with Hitachi Vantara services groups to best understand the organization's needs and how they relate to our global information security posture. In this role you will report to the Director, Security Architecture and will lead the technical scoping of security testing activities and execute application security analysis against Hitachi Vantara services and/or infrastructure.
You will be working very closely with the IT and product teams to assess our security, make recommendations, and suggest solutions. The individual will be responsible for uncovering security flaws in a diverse set of technologies. As part of that role, the individual will communicate observations to the Enterprise Security and IT Application Owners, endeavor to meet Engineers' expected outcomes, and ensure the timely delivery of project milestones.
The right individual will have the opportunity to guide our IT' long-term security strategy and contribute to the overall growth and maturity of Hitachi Vantara applications. The candidate will act independently, as well as collaboratively with engineers, peers, partners, and managers from IT and multiple organizations to ensure technical excellence and satisfaction.Responsibilities
- Collaborate with InfoSec and IT personnel in analysis, discovery, and containment of cyber security incidents.
- Collaborate with the Vulnerability Management team driving the remediation efforts of the services organization
- Be a master of identifying security design gaps in existing or planned network/systems architecture and recommend changes or enhancements
- Provide expertise and support in deployment of security measures and understand information security management.
- Research security enhancements and make recommendations to management.
- Lead cross functional project calls and planning sessions.
- Communicate across functional areas and update project statuses to keep project teams informed of progress and/or significant changes.
- Demonstrate ability to successfully distill complex technical information into clear, concise yet comprehensive communication material
- Understand the fundamental company security and risk management strategy and be able to apply that as fundamental pillar of the transformation strategy.
- Working knowledge of EDR and Anti-Malware technology and platforms
- 3 years of work experience with incident detection, incident response and/or forensics
- Experience with security testing tools (Burp suite, Appscan, WebInspector, SQLMAP, Kali, etc.)
- Basic experience with securing public cloud deployments and distributed systems using public cloud hosting, including AWS and Azure.
- Expertise with one or more of the following technologies: Identity and Access Management, SSO, SAML, Open ID, OAuth2 or 2FA technologies.
- Expertise with threat model, network security, cryptography, authentication, authorization and RBAC
- Understanding of application security patterns including web application security (OWASP top 10, XSS, injection vulnerabilities, CSRF, platform security hardening), and mobile security (device fingerprinting, Mobile authentication and key exchange) strategies.
- Ability to assist in coding of custom automations of security tasks is a plus
- Able to communicate risks and recommendations to Senior Leadership and management.
- Demonstrate leadership, including the ability to influence all levels of management towards a common goal
- Ability to facilitate meetings with strong presentation skills and ability to quickly discern differing points of view versus derailing points of view
- Fluency in French and English is a must
- Bachelor's degree or equivalent experience and training.
- Ideally an industry recognized certification: AWS Security, Azure Security, CISSP, CEH or alternative.
- Travel may be required - less than 25% both domestic and international
We are an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.