Senior Information Assurance Analyst - Security Architecture / Vulnerability Management

Date: Mar 27, 2024

Location: Honolulu, Hawaii (HI), US, 96814

Company: hawaiianel

We recognize our competitive advantage -- our people. We believe in our people, who share our vision of meeting the needs of our employees, customers, and communities and who carry out the continued success of the company.

 

Our employees are committed to the company's foundational values: integrity, excellence, teamwork, environmental stewardship, and community commitment. In turn, we invest in our employees, providing opportunities for challenge and advancement and offering a competitive compensation package.

 

Posting End Date:  at 11:59PM HST

 

BRIEF POSTING DESCRIPTION:

The P EJ INFORMATION ASSURANCE Department of the P INFORMATION ASSURANCE Division at Hawaiian Electric Company has 3 Management vacancies available. (Role: PROFESSIONAL)

 

 

JOB FUNCTION (Security Architecture):

  • Reports directly to the Information Assurance Manager.  Serves as a mentor to others in the department on Information Security Architecture reviews and risk and control assessments, including the development of detailed plans and requirements for information systems’ security controls and security monitoring solutions.
  • Provides consulting-level knowledge and expertise for the Information Assurance (IA) department functions, which includes development of information security policies & standards, information risk management, information technology (IT) and operational technology (OT) compliance, and secure integration of grid technologies and cloud services.
  • Coordinates ongoing compliance reviews with Process Area representatives
  • Assists in developing practices and procedures to ensure that cost-effective information security and IT controls are in place.

 

JOB FUNCTION (Vulnerability Management):

  • Reports directly to the Information Assurance Manager.  Serves as a mentor to others in the department on Vulnerability Management, including program development, coordination, and reporting.
  • Provides consulting-level knowledge and expertise for the Information Assurance (IA) department functions, which includes development of information security policies & standards, information risk management, information technology (IT) and operational technology (OT) compliance, and secure integration of smart grid technologies.
  • Coordinates ongoing compliance reviews with Process Area representatives
  • Assists in developing practices and procedures to ensure that cost-effective information security and IT controls are in place.

 

ESSENTIAL FUNCTIONS:

  • Supports information security risk assessments and recommends mitigating controls and solutions for IT and OT projects and applications, including proposals for externally hosted applications and new utility technology projects.
  • Assists with program development and management for privacy, e-discovery, security awareness training, digital forensics, patch management, vulnerability remediation, and other security and compliance programs.
  • Supports the detailed review and approval processing for various IT policies, processes, and procedures necessary to support the Company’s information security and compliance requirements. 
  • Ensures that adequate and proper internal controls and CobiT framework-based IT policies, processes, practices, and standards are developed, maintained, and tested for quality assurance in order to meet the Company’s Sarbanes-Oxley (SOX), Privacy and other compliance needs.
  • Supports the IT business continuity planning, IT disaster recovery planning, and the Company’s Computer Security Incident Response Team (CSIRT).
  • Participates in Company emergency response activities as assigned, including any activities required to prepare for such emergency response.

 

BASIC QUALIFICATIONS:

Knowledge Requirements

  • Computer networking concepts and protocols, and network security methodologies.
  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Cyber threats and vulnerabilities.
  • Cryptography and cryptographic key management concepts.
  • Data backup and recovery concepts.
  • Host/network access control mechanisms (e.g., access control list, capabilities list).
  • Network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • Traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Programming language structures and logic.
  • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Network attacks and a network attack’s relationship to both threats and vulnerabilities.
  • System administration, network, and operating system hardening techniques.
  • Different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks),
  • Different cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • Different cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.).
  • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Specific operational impacts of cybersecurity lapses.
  • Security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Ethical hacking principles and techniques.
  • Penetration testing principles, tools, and techniques.

 

Skills Requirements

  • Conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Assessing the robustness of security systems and designs.
  • Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
  • Mimicking threat behaviors.
  • Use of penetration testing tools and techniques.
  • Use of social engineering techniques (e.g., phishing, baiting, tailgating, etc.).
  • Use of network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap, etc.).
  • Reviewing logs to identify evidence of past intrusions.
  • Conducting application vulnerability assessments.
  • Performing impact/risk assessments.
  • Developing insights about the context of an organization’s threat environment.
  • Collaborating with teammates and other employees.
  • Communicating effectively in writing and verbally.

 

Experience Requirements

  • Advanced (7+ years) analysis and/or leadership experience in a multi-level service or consulting organization, preferably in an information technology, application security, network security or quality assurance capacity. Information security experience is required.
  • One or more of the following certifications are highly preferred:

                   - Certified Information Systems Security Professional (CISSP)

                   - Certified Information Security Manager (CISM)

                   - Certified Authorization Professional (CAP) 

                   - GIAC Security Leadership (GSLC)

 

Role: PROFESSIONAL 

Number of Vacancies: 3 

Work Schedule: Monday - Friday

Work Hours: 7:30 am - 4:00 pm

Location: Honolulu – Oahu

Hiring Range: The hiring range for the Senior Information Assurance Analyst [Req ID 8692] position is $105,600.00 to $137,100.00. The person selected will be placed according to his/her skills and qualifications. 

 

About Hawaiian Electric Companies
Hawaiian Electric Companies provide electricity and services to 95 percent of the state's 1.4 million residents. The company is also one of the state's leading employers and a major contributor and supporter of community and educational programs.

The demand for power that has fueled the growth of the Hawaiian Islands has been met by Hawaiian Electric Companies for well over a century. And as the next millennium unfolds, the company is committed to providing quality service and seeking clean local energy sources to power generations of Hawaii families and businesses to come. Visit us at http://hawaiianelectric.com.

Interested individuals should apply online. The application must clearly indicate the demonstrated experience/knowledge/skills/abilities the candidate possesses which specifically qualifies him/her for the position.

 

Applicant Certification
By submitting an application for the position, candidates:
1. Authorize the Hawaiian Electric Companies to confirm all statements contained in the application and/or any materials submitted and made a part of the application as they relate to the position and to the extent permitted by law;
2. Authorize and consent to, without reservation, the Hawaiian Electric Companies sharing any and all information regarding previous or present employment, educational training or personal information from their records and from any other source with the hiring department or subsidiary company;
3. Release, discharge, and hold harmless, Hawaiian Electric Companies, from any and all liability for any damage which may be claimed as a result of furnishing such information to the hiring department or subsidiary company;
4. Authorizes release and transfer of all personnel records to be maintained by the hiring company in the event of an inter-company transfer; and
5. Authorize, direct, and consent to Hawaiian Electric Companies and/or its authorized agents to conduct investigations into candidates' background. These investigations may include, but are not limited to searches for information about applicants; record of criminal convictions to the extent permitted by law, education records, professional certifications, personal character references, and employment history.

 

EEO Statement
Hawaiian Electric Companies is an equal employment opportunity/affirmative action employer. We actively seek diversity among our employees. We do not discriminate on the basis of age, race, color, religion, sex/gender (including gender identity/expression), ancestry/national origin, disability, marital status, arrest and court record, sexual orientation, pregnancy, veteran status, genetic information, domestic or sexual violence victim status, or other protected categories in accordance with state and federal laws. We further encourage individuals with disabilities, minorities, veterans and women to apply.

 

Hawaiian Electric Companies complies with Title I of the Americans with Disabilities Act. Any request for reasonable accommodation needed during the application process should be communicated by the candidate to the HR Service Center at (808) 543-4848.

 

Affiliate Disclaimer
Hawaiian Electric Company, Inc., Maui Electric Company, and Hawaii Electric Light (“Company”) are Hawaii Public Utilities Commission (“PUC”) regulated companies. The disclosure relating to Affiliate Transaction Requirements that follows is made pursuant to the PUC’s Decision and Order No. 35962, issued on December 19, 2018, and subsequently modified by Order No. 36112, issued on January 24, 2019 in Docket No. 2018-0065.

By submitting your application, you understand and acknowledge that, if you are hired by the Company and subsequently transferred, assigned or otherwise employed by an Affiliate, said Affiliate will be required to make a one-time payment to the Company in an amount up to twenty-five percent (25%) of your base annual compensation.  

In addition, if you are hired by the Company and subsequently transferred, assigned or otherwise employed by an Affiliate or an Affiliate-Related Entity, for a period of one year, you cannot appear in negotiations or otherwise interact directly with the Company or work on the same matter that you worked on while with the Company. 

Affiliate is defined as “any person or entity that possesses an ‘affiliate interest’ in a utility as defined by section 269-19.5, Hawaii Revised Statutes (“HRS”), including a utility’s parent holding company, except as otherwise provided by HRS section 269-19.5(h).”

Affiliate-Related Entity is defined as “a third party that provides electricity-related services in a regulated utility’s service territory that has a material financial, operational, or ownership interest with an unregulated affiliate of the utility and of whom the utility has reasonable knowledge.” 

For a current list of all Affiliates and Affiliate-Related Entities, please see:
https://www.hawaiianelectric.com/about-us/key-performance-metrics/financial/affiliate-transactions

This list may be amended, updated or revised from time to time without notice.  


Nearest Major Market: Honolulu
Nearest Secondary Market: Hawaii