Sr. SOC Engineer

Job Description This job is with Hitachi Digital Services, an inclusive employer and a member of myGwork the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly. Our CompanyWe're Hitachi Digital, a company at the forefront of digital transformation and the fastest growing division of Hitachi Group. We're crucial to the company's strategy and ambition to become a premier global player in the massive and fast-moving digital transformation market. Our group companies, including GlobalLogic, Hitachi Digital Services, Hitachi Vantara and more, offer comprehensive services that span the entire digital lifecycle, from initial idea to full-scale operation and the infrastructure to run it on. Hitachi Digital represents One Hitachi, integrating domain knowledge and digital capabilities, and harnessing the power of the entire portfolio of services, technologies, and partnerships, to accelerate synergy creation and make real-world impact for our customers and society as a whole. Imagine the sheer breadth of talent it takes to unleash a digital future. We don't expect you to fit every requirement - your life experience, character, perspective, and passion for achieving great things in the world are equally as important to us. Meet Our Team We are the Global Cyber team, part of Global Information Security at Hitachi Digital. Our mission is to protect the company's and its customers vital information systems and data while responding to attacks, intrusions, and other security incidents. As passionate advocates of information security, we are a team of out-of-the-box thinkers, innovators, and collaborative problem-solvers. We continuously seek new and better ways to enhance our practices and strive for nothing less than excellence in our cybersecurity operations. We are looking for highly motivated individuals with a positive attitude who want to be part of something exceptional. What You'll Be Doing As a Red Teaming & Web Application Security Specialist, you will be responsible for conducting advanced offensive security assessments to identify vulnerabilities across applications, infrastructure, and processes. This role will blend adversary simulation (Red Team) exercises with deep web application penetration testing to proactively uncover and remediate security weaknesses before they can be exploited by malicious actors. Key Responsibilities Red Teaming & Adversary Simulation - Plan, execute, and document red team engagements simulating realistic cyberattacks against the organization's systems, applications, and users. - Emulate threat actors tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK. - Conduct physical security assessments, social engineering campaigns (phishing, vishing), and insider threat simulations as required. - Collaborate with the Blue Team to validate detection and response capabilities, providing actionable improvement plans. Web Application Security - Perform manual and automated web application penetration testing using tools like Burp Suite, OWASP ZAP, and custom scripts. - Identify, validate, and exploit vulnerabilities such as injection flaws, authentication bypass, XSS, CSRF, SSRF, and insecure deserialization. - Work with development teams to remediate findings and ensure secure coding practices. - Conduct source code reviews to detect and eliminate security flaws. Security Research & Tool Development - Develop and maintain custom tools, scripts, and exploits to enhance testing capabilities. - Stay current with emerging attack vectors, zero-days, and security trends. - Perform threat modeling and provide secure architecture recommendations. What You'll Bring - 7 years of experience in Web security and red teaming - Plan, execute, and document red team engagements simulating realistic cyberattacks against the organization's systems, applications, and users. - Emulate threat actors tactics, techniques, and procedures (TTPs) based on frameworks like MITRE ATT&CK. - Conduct physical security assessments, social engineering campaigns (phishing, vishing), and insider threat simulations as required. - Collaborate with the Blue Team to validate detection and response capabilities, providing actionable improvement plans. - Perform manual and automated web application penetration testing using tools like Burp Suite, OWASP ZAP, and custom scripts. - Identify, validate, and exploit vulnerabilities such as injection flaws, authentication bypass, XSS, CSRF, SSRF, and insecure deserialization. - Work with development teams to remediate findings and ensure secure coding practices. - Conduct source code reviews to detect and eliminate security flaws. - Develop and maintain custom tools, scripts, and exploits to enhance testing capabilities. - Stay current with emerging attack vectors, zero-days, and security trends. - Perform threat modeling and provide secure architecture recommendations. - If you are passionate about cybersecurity and ready to work with a top-tier SOC team, we invite you to join us at Hitachi Digital. About usWe're a global, 1000-strong, diverse team of professional experts, promoting and delivering Social Innovation through our One Hitachi initiative (OT x IT x Product) and working on projects that have a real-world impact. We're curious, passionate and empowered, blending our legacy of 110 years of innovation with our shaping our future. Here you're not just another employee; you're part of a tradition of excellence and a community working towards creating a digital future. Fostering innovation through diverse perspectives Hitachi is a global company operating across a wide range of industries and regions. One of the things that sets Hitachi apart is the diversity of our business and people, which drives our innovation and growth. We are committed to building an inclusive culture based on mutual respect and merit-based systems. We believe that when people feel valued, heard, and safe to express themselves, they do their best work. How We Look After You We help take care of your today and tomorrow with industry-leading benefits, support, and services that look after your holistic health and wellbeing. We're also champions of life balance and offer flexible arrangements that work for you (role and location dependent). We're always looking for new ways of working that bring out our best, which leads to unexpected ideas. So here, you'll experience a sense of belonging, and discover autonomy, freedom, and ownership as you work alongside talented people you enjoy sharing knowledge with. We're proud to say we're an equal opportunity employer and welcome all applicants for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, age, disability status or any other protected characteristic. Should you need reasonable accommodations during the recruitment process, please let us know so that we can do our best to set you up for success.