Description
s, Security Requirements Specifications, TARA reports, and V&V security plans.
• Provide expert technical support and define requirements for cybersecurity management activities in the operational phase of products (e.g., Vulnerability Management, Patch Management, Incident Response support for fielded systems, secure updates).
• Stay abreast of evolving cyber threats, vulnerabilities, technologies, and regulatory landscapes pertinent to railway and critical infrastructure systems.
Required Skills/Knowledge
• Proven experience in applying cybersecurity principles to Industrial Automation and Control Systems (IACS), Operational Technology (OT), or complex embedded systems.
• Strong understanding and practical experience with cybersecurity standards relevant to the railway sector, specifically:
o IEC 62443 series (especially parts 3-3, 4-1, 4-2).
o EN 50701.
• Familiarity with cybersecurity regulations for critical infrastructure, such as NIS2 / D.Lgs. 138/2024, and their impact on manufacturers.
• Demonstrable experience in defining and implementing Secure Development Lifecycle (SDL) processes, secure coding guidelines, and conducting/guiding security analysis (e.g., SAST/DAST) in software development environments, preferably with exposure to Model-Based Design.
• Proficiency in performing, facilitating, or reviewing Threat Analysis and Risk Assessment (TARA).
• Solid knowledge of cybersecurity architecture design principles for OT/embedded systems (e.g., Zone & Conduit methodology, network segmentation, secure interfaces, hardening).
• Understanding of cybersecurity challenges and management practices in the operational phase of long-lifecycle products, including vulnerability management, patch management, and incident response for deployed systems.
• Excellent analytical, problem-solving, and critical thinking skills with the ability to translate complex technical concepts into clear, actionable requirements.
• Strong communication and interpersonal skills to collaborate effectively with multidisciplinary teams and stakeholders.
Desired Skills/Knowledge
• Proven experience in applying cybersecurity principles to Rail Control Systems on complex embedded systems.
Education/Qualifications
• Bachelor's or Master's Degree in Computer Engineering, Automation Engineering, Telecommunications Engineering, Cybersecurity, or a closely related technical field.
• Relevant professional cybersecurity certifications (e.g., CISSP, ISA/IEC 62443 Cybersecurity Expert, CSSLP, CISM, CompTIA Security+) are highly desirable.
Languages
• Fluent Knowledge of English (written & spoken).
• Proficient Knowledge of Italian (written & spoken).
Thank you for your interest in Hitachi Rail. If your application is of interest, we will be in contact. Please do not hesitate to discover more about us and our latest jobs at .
At Hitachi Rail, there is a place for everyone. We welcome and value differences in background, age, gender, sexuality, family status, disability, race, nationality, ethnicity, religion, and world view. It is our commitment to create an inclusive environment - we are proud to be an equal opportunity employer.
Mandatory inclusions (optional, for local compliance purposes)
We would be delighted if you would be one of our followers at
#LI-DC1
Thank you for your interest in Hitachi Rail. If your application is of interest, we will be in contact. Please do not hesitate to discover more about us and our latest jobs at .
At Hitachi Rail, there is a place for everyone. We welcome and value differences in background, age, gender, sexuality, family status, disability, race, nationality, ethnicity, religion, and world view. It is our commitment to create an inclusive environment - we are proud to be an equal opportunity employer.
We would be delighted if you would be one of our followers at