Working with Hitachi Vantara engineering teams and customers to ensure products meet US Government security requirements.
Evaluate the posture and compliance of security offerings (i.e., products or services) based upon internal/external criteria (e.g., standards, checklists, scanning tools, etc.), perform gap analysis, and report/brief the findings.
Hardening Hitachi Vantara product and service offerings.
Assisting with the process of achieving and maintaining ATOs for both traditional and FedRAMP-based solutions.
Drafting, reviewing, and maintaining documents like System Security Plans (SSPs), Contingency Plans, and Plans of Action and Milestones (POA&Ms).
Providing security guidance and defining requirements for Hitachi Vantara’s internal systems, customer-facing services, and products.
Be a master of identifying security design gaps in existing and proposed product and service architectures and recommend changes or enhancements.
Collaborate with the other leaders of Hitachi Vantara including sales, product security and engineering.
Requirements
Minimum 10 years of security architecture and/or engineering experience including a solid technical foundation in security and compliance.
Advanced technical capabilities in a wide array of platforms and systems (e.g., Linux, Windows, VMware, SQL, etc.).
Familiar with industry and government security standards and baselines such as the DISA STIGs, CIS benchmarks, NIST 800-53, NIST Risk Management Framework, FIPS 140-2/3, the NIST Cybersecurity Framework and NIST 800-171.
Experience with the FedRAMP approval process and securing solutions deployed to public and private clouds, including AWS, Azure or GCP.
In-depth knowledge of risk assessments, network security, cryptography, authentication, secure systems development, and authorization.
Strong understanding of application security patterns including web application security (OWASP top 10, XSS, injection vulnerabilities, CSRF, platform security hardening), and mobile security (device fingerprinting, mobile authentication and key exchange) strategies.
Familiar with IAM federated identity strategies: SAML, OAuth, and OIDC protocols.
Ability to facilitate meetings with strong presentation skills and ability to quickly discern differing points of view versus derailing points of view.
Strong/expert level understanding of trends in the industry for information security policy, audit, compliance, and risk management.
Certifications Desired: CISSP, CSA, Security.
Tech Stack
AWS
Azure
Cyber Security
Google Cloud Platform
Linux
SQL
VMware
Benefits
We want to help you take care of your today and tomorrow – at home and at work.
Industry-leading benefits that go far beyond compensation.
Support, services, and resources that also take care of your holistic health and wellbeing.
Flexible arrangements that work for you (role and location dependent).