We are seeking a Senior Information Assurance Analyst to join our team at Hawaiian Electric Company. The successful candidate will have advanced analysis and/or leadership experience in information technology, application security, network security, or quality assurance.
Requirements
- Computer networking concepts and protocols, and network security methodologies.
- Risk management processes (e.g., methods for assessing and mitigating risk).
- Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Cyber threats and vulnerabilities.
- Cryptography and cryptographic key management concepts.
- Data backup and recovery concepts.
- Host/network access control mechanisms (e.g., access control list, capabilities list).
- Network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
- Traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Programming language structures and logic.
- System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Network attacks and a network attack’s relationship to both threats and vulnerabilities.
- System administration, network, and operating system hardening techniques.
- Different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
- Different cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
- Different cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Specific operational impacts of cybersecurity lapses.
- Security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
- Ethical hacking principles and techniques.
- Penetration testing principles, tools, and techniques.
- Conceptual knowledge of National Institute of Standards and Technology (NIST) standards, ISO 27000 series, OWASP, and other security-related frameworks and standards.
- Conceptual knowledge of utility business and related Operational Technology Systems (SCADA, DCS, etc.).
Benefits
- Competitive compensation package
- Opportunities for challenge and advancement
- 401k Matching
- Generous Paid Time Off
- Retirement Plan
- Visa Sponsorship
- Four Day Work Week
- Generous Parental Leave
- Tuition Reimbursement
- Relocation Assistance