The opportunity:
Power demand is changing fast. Renewable generation is one part of that story, but so is the rapid growth of electrification, data centres, and AI-driven infrastructure. Hitachi Energy operates in the middle of this shift, helping build and run the power systems that will support the next generation of industry and society.
The Cyber Defense Center (CDC) protects Hitachi Energy’s global operations by bringing together security signals from across the enterprise into a centralized detection and response capability. We manage cybersecurity incidents across IT, OT/ICS, cloud, suppliers, customers, and products, with a clear focus on minimizing business impact.
This role is broader than a traditional SOC analyst position. It sits within Hitachi Energy’s enterprise incident response capability and requires cross-domain coordination, business engagement, and operational awareness across IT, OT, suppliers, customers, and products.
You will work in a hybrid SOC and CSIRT model. That means technical investigation is a core part of the role, but so is helping the organization understand what is happening, what matters, and what needs to happen next. You will support monitoring together with our MSSP, investigate incidents, work with Incident Managers during serious events, and help connect technical findings to business decisions.
We want to be clear: this is a wide-domain role. You will not be expected to know everything on day one, but you do need to be comfortable learning across domains, working through ambiguity, and solving problems that do not come with a ready-made playbook. If you want a narrow alert-queue role, this is not it. If you want broad incident response experience across a global enterprise, this is a strong opportunity.
We are also investing in the future of cyber defense. Within the CDC, we are using AI-enabled tools and building custom AI capabilities to respond to a changing offensive and defensive landscape. We are actively supporting our teams in learning AI engineering as part of their security work. We believe the future of cyber defense will include analysts and responders directing teams of AI, and this role offers the chance to start building those skills now.
How you’ll make an impact:
- Investigate and help coordinate response to cybersecurity incidents across IT, OT/ICS, cloud, suppliers, customers, and products.
- Support continuous monitoring and incident handling in partnership with our MSSP and internal stakeholders.
- Triage alerts and incidents using SIEM, EDR, SOAR, threat intelligence, and forensic techniques.
- Work with Incident Managers, threat hunters, technical teams, and business stakeholders during active incidents.
- Turn technical findings into clear situational awareness: what happened, what is affected, how serious it is, and what needs to happen next.
- Support investigation of ransomware, account compromise, data breaches, supply chain incidents, product security events, and other high-priority cases.
- Apply investigative and forensic methods to determine scope, attacker activity, and business impact.
- Contribute to post-incident reviews, reporting, lessons learned, and response improvements.
- Help improve playbooks, automation, detection logic, and escalation workflows.
- Support regulatory, contractual, and internal reporting activities when required.
- Contribute to the team’s use of AI-enabled workflows and the development of practical AI-assisted defensive operations.
- Responsible for ensuring compliance with applicable external and internal regulations, procedures, and guidelines.
- Living Hitachi Energy’s core values safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business.
Your background:
- Should have bachelor’s or master’s degree in computer science, Cybersecurity, Information Security, or a related technical field.
- Must have two (2) years of experience in Security Operations, Incident Response, Threat Hunting, Digital Forensics, or a related cybersecurity function.
- Hands-on experience with SIEM platforms such as Microsoft Sentinel or Elastic and EDR platforms such as CrowdStrike or Microsoft Defender. SOAR experience is a plus.
- Good knowledge of network protocols, Windows and Linux systems, cloud environments, and attacker TTPs, including MITRE ATT&CK.
- Strong analytical and problem-solving ability, including the ability to investigate incomplete or ambiguous situations and move them forward.
- Strong written and spoken English, with the ability to explain technical issues clearly to both technical and non-technical audiences.
- Comfort working across multiple domains, even where you are still building experience.
- Ability to operate in a global, high-pressure incident response environment, including on-call rotations when required.
- Interest in how AI is changing cybersecurity and willingness to learn how AI tools and AI engineering can support defensive work.
- Integrity, accountability, and a collaborative working style.
- Proficiency in both spoken & written English language is required.
