Cybersecurity Vulnerability Management Specialist

Hitachi Energy is seeking a Cybersecurity Vulnerability Management Specialist.

In this role you will report to the Vulnerability Management and Asset Detection team Manager.

You will be responsible for executing all aspects of the vulnerability management and asset detection program. You will help protect our Hitachi Energy’s and customers by identifying, analyzing and reporting on all types of vulnerabilities. You will be required to develop an effective, collaborative relationship with a significant number of internal and external stakeholders.

Your responsibilities

• Product Vulnerability Management: Support the product vulnerability process. Ensure effective, repeatable, and predictable processes to handle vulnerabilities in Hitachi Energy’s product offerings in a consistent, responsible, and timely manner from discovery, reporting through publication of the Cybersecurity Advisories.
• Vulnerability Management: Support delivery of the vulnerability management program, including vulnerability scanning, vulnerability assessments, and tracking support for vulnerability remediation. Prioritize remediation tasks based on risk level, assign them to the relevant system owner, and monitor progress until completion. Interact with both technical and business stakeholders, establish, and maintain relationships. Help drive vulnerability management service delivery end-to-end, from evaluation to resolution. Maintain all documentation, reporting and key performance indicators.
• Asset Detection: Support the asset lifecycle process by ensuring all discovered assets are aligned with various security tools and the CMDB. Leverage tools to identify unauthorized software. Work with asset owners to ensure unauthorized software is approved or removed from corporate assets.
• Business Interaction: Support the identification of stakeholders, manage exception processes, prepare, reporting as needed.
• Security Operation: Interact with other cybersecurity service delivery teams, to improve overall security posture: Develop and deliver risk analysis, lessons learned, improvement activities.
• Continuous Improvement: Participate in the further development of the vulnerability management service. Identify areas for improvement and support implementation.

• Minimum 5 years of experience in Information Technology (IT), Operation Technology (OT) or Information Security is required with at least 2 years of experience as an administrator of a Vulnerability Management.
• Experience at the corporate level of large, global organizations.
• Self-organized, ability to work in complex environment and to prioritize efficiently under high workload.
• Good exposure to security tools like Tenable, ServiceNow, Azure Security Center, Defender etc.
• Experience interacting with third party providers and with internal teams to resolve & close security vulnerabilities.
• Experience with relevant Frameworks and Security Standards (NIST, ISO, etc.)
• Experience with Threat analysis, CVSS Assessment, Risk Assessment, CWE Mapping.
• Knowledge of CSAF and VEX (huge bonus).
• Exceptional knowledge of security domains and cybersecurity tactics, techniques, and procedures.
• Excellent written and verbal communication with proven ability to interact with technical and non-technical stakeholders.
• Relevant Information Security Certifications (ISO/IEC 27035 Lead Incident Manager, CISSP etc.) are preferable.
• Demonstrated ability to effectively prioritize and balance multiple activities, especially in a remote work environment.
• Experience working in an international environment; No travel required.
• Fluency in verbal English and excellent English writing skills are essential.