Senior Security Engineer
Hitachi Vantara, a wholly-owned subsidiary of Hitachi, Ltd., guides our customers from what’s now to what’s next by solving their digital challenges. Working alongside each customer, we apply our unmatched industrial and digital capabilities to their data and applications to benefit both business and society. More than 80% of the Fortune 100 trust Hitachi Vantara to help them develop new revenue streams, unlock competitive advantages, lower costs, enhance customer experiences, and deliver social and environmental value.
Come join our team and our employee-focused culture and help drive our customers’ data to meaningful customer outcomes.
The Senior Security Engineer is expected to be strong in multiple domains and provide significant leadership and contribution to the HV Product Security and Compliance team under the Sr. Director of Engineering Operations - Security and Compliance Unit. You are responsible for validating that HV products are designed and implemented to the highest security standards. You will be responsible for providing leadership for the implementation of a DevSecOps environment and the implementation of Secure Software Development Lifecycle (SSDLC) integration with the CI/CD pipelines for the product portfolio. You will work with multiple engineering teams to implement robust SSDLC practices, which requires interactions with other Product Security team members, as well as Development, Support, System admins, Engineering, System Administration, DBAs, and Networking team members, as well as Business Owners of applications.
You are expected to develop solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization. A successful candidate will need a combination of technical, application, troubleshooting and communication skills, in addition to the ability to handle a mix of diverse tasks including evaluating, implementing and improving processes of Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST) and manual penetration testing. The successful candidate is responsible for enabling and facilitating the engineering teams to implement automation of the security assessments, identify vulnerabilities, assess their risk, and work with developers, QA analysts, application business owners, and others to identify, validate, remediate, or mitigate the risk of these vulnerabilities.
The ideal candidate has experience with both application development and information security concepts, is an effective communicator, and documents and produces reports effectively. Experience in a similar role is preferred. She or he must work well in dynamic and often informal teams. She or he should also be able to coordinate disparate priorities and constraints on development teams, manage different personalities, and maintain objectivity and a strong understanding that security is just one of the business's activities.
- Guide the implementation of automation of SSDLC and integration into the CI/CD pipeline for products in the portfolio
- Assess and recommend implementation references for the product teams for a variety of technology stacks and enable the successful implementation of DevSecOps across the product portfolio.
- Ability to manually validate scan results to remove false positives and redundant or duplicate data, as well as to test for additional classes of vulnerabilities scanners can’t report, is a plus
- Provide timely and detailed reports, with proofs of findings, analysis of risk, and remediation advice and instructions
- Meet with the product engineering, server, and network teams to discuss vulnerability remediation. The technical ability to review the source code and provide examples of how to fix vulnerabilities, and/or to give clear instructions, including commands, to app teams is preferred
- Provide timely rescans and tests for potential new vectors to teams working to resolve vulnerabilities
- Utilize a ticketing system to report standard vulnerabilities and work with teams to ensure they are resolved
- Preferred candidates have 5+ years of technical experience in the fields of secure application development or cybersecurity operations
- Must be able to work independently and in a team environment
- Knowledge of OWASP Top 10 and SANS Top 25 Software Weaknesses
- Certification and/or training in Application Vulnerability Assessment, Pen Testing and Software Composition Analysis.
- Recognized industry level security certification such as CISSP, CSSLP, CEH, GWAPT, GSEC, GCIA, GPEN, CGWN, CXPN, or PWK
- Ability to analyse, understand, and provide remediation plans for active threats and vulnerabilities is highly desirable.
- Automation mindset with scripting ability (e.g. Python, Bash, Java, or others) to develop automation for the generation of benchmarks and best practices
- Capable of describing the necessary concepts, technologies, and functionality using the right vocabulary at the right level of abstraction
- Comfortable with complex undocumented requirements and independent task research
- Professional, organized, and independent
- Reliable, self-motivated, and flexible individual who can collaborate well in a fast-paced environment
- Able to meet deadlines related to scheduled content updates, content changes for immediate release to customers and prospects, and software release dates
- Experience working with remote subject matter experts
- Excellent written and verbal communication skills in a team environment
- 5+ years of experience in application security
- 4-year college degree in Computer Science, Technical Communication, or related discipline
We are an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Great careers start with innovation and here at Hitachi Vantara, our promise is to deliver insights that power smarter businesses and inspire social innovation solutions for a healthier, safer future. The key to our innovation is our people -- our culture values respect, diversity, and collaboration. Join our Hitachi family and together, let's lead the way to extraordinary.