Product Security Specialist

Location:

Krakow, Lesser Poland, Poland

Job ID:

R0096795

Date Posted:

2025-06-23

Company Name:

HITACHI ENERGY SERVICES SP. Z O.O.

Profession (Job Category):

IT, Telecom & Internet

Job Schedule: 

Full time

Remote:

No

Job Description:

General information:

Hitachi Energy, is looking for a highly motivated Product Security Specialist, to be responsible to Establish an Enterprise Approach to Product Risk Management. We are an energy technology company with engineers, digital pioneers, creators, and innovators at our core. We do more than keep the lights on, our purpose is to inspire sustainable progress.

Responsibilities:

Review the current state of Product Risk generated by security control testing and vulnerability management activities. Provide technical tool integration and architect guidance regarding product cybersecurity vulnerability identification, remediation, and response to the business and Enterprise Risk Management reporting. Lead the development of innovative solutions and drives implementation of new tools and technologies related to Product risk management and report activities that meet customer requirements and define risk maturity goals. Product Security content management with standard assessment and risk review documentation for audit and compliance reporting. Support implementation of best security practice methods, processes, tools, and continuous improvement initiatives aimed at scaling and increasing the efficiency of Hitachi Energy processes. Establish an oversight on the end-to-end Product risk management process on the corporate level with Enterprise risk management and define a way to track and ensure the product standards and exception policy is followed correctly. Set up a best practice and operational process for full transparency and mitigation of Products Risk Conduct Product risk impact assessment with the business unit for risk remediation tracking and reporting. Drive awareness of product vulnerability findings across the developer community for a secure development life cycle practice, hardening systems, vulnerability, and code scanning management. Track global Cyber regulations, security audits, and reviews to ensure policies and processes are followed. Complete understanding of inherent risk in Product Security management.

Your background:

Master or higher degree in Computer Science, Software Engineering, or related qualification, and demonstrated capability through past employment experience. Around 8+ years of experience in vulnerability management with customers in IT and industrial systems and an in-depth understanding of cyber security technology, solution, and processes, especially in the area of vulnerability handling management, incident response handling, and risk management Strong project management skills: planning, organizing, monitoring, and reporting on project activities. Security Audit experience a plus. Strong analytical problem-solving skills and practical cyber security experience. Capable of understanding and communicating complex cybersecurity requirements. Strong communication skills such as planning and leading effective meetings, conducting structured interviews to collect information, interpersonal and negotiation skills, and presenting to various audiences. Security industry certification such as SANS GIAC or industrial control system-related certifications a plus Working experience in Product Security is a plus and not mandatory.

Qualified individuals with a disability may request a reasonable accommodation if you are unable or limited in your ability to use or access the Hitachi Energy career site as a result of your disability. You may request reasonable accommodations by completing a general inquiry form on our website. Please include your contact information and specific details about your required accommodation to support you during the job application process.

This is solely for job seekers with disabilities requiring accessibility assistance or an accommodation in the job application process. Messages left for other purposes will not receive a response.