Overview
On Site
USD 90,000.00 - 120,000.00 per year
Full Time
Skills
Information Assurance
Impact Analysis
Information Architecture
Information Technology
Cloud Computing
Information Systems
Security Controls
GRID
Electronic Discovery
Security Awareness
Training
Digital Forensics
Patch Management
Internal Control
Regulatory Compliance
Business Continuity Planning
Disaster Recovery
Incident Management
Computer Networking
Risk Management
Authentication
Privacy
Cryptography
Management
Backup
Recovery
Access Control
ACL
Identity Management
PKI
OAuth
SAML
TCP
Internet
Intellectual Property
IP
Open Systems
OSI
IT Infrastructure
ITIL
Software Security
Scripting
SQL
PL/SQL
System Administration
Operating Systems
Hardening
Distribution
Network Security
Cyber Security
White Hat
Penetration Testing
ISO 9000
OWASP
SCADA
Network
Intrusion Detection
Snort
Apache Flex
Compensation Management
Screening
PASS
Finance
Insurance
Medicare
Business Transformation
Law
Job Details
Aloha! One of Hawaii's largest utility companies is seeking a Senior Information Assurance Analyst!
Description
JOB FUNCTION:
Oversees or performs the assessments of Company systems and networks and identifies where those systems/networks deviate from cybersecurity policies, acceptable configurations, or guidance.
Provides consulting-level knowledge and expertise for the Information Assurance (IA) division, which includes development and enforcement of cybersecurity policies & standards, cybersecurity risk management activities, information technology (IT) and operational technology (OT) compliance, and secure integration of grid technologies and cloud services.
Supports development of detailed plans and provides requirements for information systems' security controls and security monitoring solutions.
Performs security control reviews to validate the security controls as designed are operating effectively.
Develops policies, standards, and procedures to ensure that security controls are adequately designed.
ESSENTIAL FUNCTIONS:
Performs cybersecurity assessments and provides security control requirements for IT and OT projects, including externally hosted applications and grid technology projects.
Develops and manages programs and processes for privacy, e-discovery, security awareness training, digital forensics, patch management, vulnerability remediation, and other security and compliance programs.
Supports detailed review and approval processing for various policies, processes, and procedures necessary to support the Company's cybersecurity security and compliance requirements.
Ensures that adequate and proper internal controls, processes, practices, and standards are developed, maintained, and tested in order to meet the Company's policy and compliance requirements.
Supports the business continuity planning, disaster recovery planning, and the Company's Cybersecurity Incident Management Team (CS-IMT), with occasional on-call support.
BASIC QUALIFICATIONS:
Knowledge Requirements
Computer networking concepts and protocols, and network security methodologies.
Risk management processes (e.g., methods for assessing and mitigating risk).
Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Cyber threats and vulnerabilities.
Cryptography and cryptographic key management concepts.
Data backup and recovery concepts.
Host/network access control mechanisms (e.g., access control list, capabilities list).
Network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
Traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), Open System Interconnection Model (OSI), Information Technology Infrastructure Library, current version (ITIL)).
Programming language structures and logic.
System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language (PL/SQL) and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Network attacks and a network attack's relationship to both threats and vulnerabilities.
System administration, network, and operating system hardening techniques.
Different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks),
Different cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
Different cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.).
Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Specific operational impacts of cybersecurity lapses.
Security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
Ethical hacking principles and techniques.
Penetration testing principles, tools, and techniques.
Conceptual knowledge of National Institute and Standards and Technology (NIST) Standards, ISO 27000 series, OWASP, and other security related frameworks and standards.
Conceptual knowledge of utility business and related Operational Technology Systems (SCADA, DCS< etc.).
Additional Skills & Qualifications
Skills Requirements
Conducting vulnerability scans and recognizing vulnerabilities in security systems.
Assessing the robustness of security systems and designs.
Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
Mimicking threat behaviors.
Pay and Benefits
The pay range for this position is $90000.00 - $120000.00/yr.
Health and Wellness
Medical and Dental Insurance
Drug/Optical Plans
Flex Spending Accounts
Employee Assistance Program
Sick Leave
Long-Term Disability Insurance
Workers' Compensation
Health Screening
Wellness Education
Family/Lifestyle
Twelve Full Paid Holidays and Two Half-day Holidays
Vacation
Bonus Vacation Day for Taking Minimum Sick Leave
Voluntary Educational Assistance Program
Family and Medical Leave
Bus Pass Reimbursement
Adoption Expense Reimbursement Program
PATCH Enhanced Child Care Referral Program
Bereavement Leave
Financial Security
Group Life, Dependent Life, Accidental Death & Dismemberment Insurance
Social Security/Medicare
HEI Retirement Savings Plan (HEIRS)
Other Postretirement Benefits (medical, life, etc.)
Workplace Type
This is a hybrid position in Honolulu,HI.
Application Deadline
This position is anticipated to close on May 23, 2025.
About TEKsystems and TEKsystems Global Services
We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Description
JOB FUNCTION:
Oversees or performs the assessments of Company systems and networks and identifies where those systems/networks deviate from cybersecurity policies, acceptable configurations, or guidance.
Provides consulting-level knowledge and expertise for the Information Assurance (IA) division, which includes development and enforcement of cybersecurity policies & standards, cybersecurity risk management activities, information technology (IT) and operational technology (OT) compliance, and secure integration of grid technologies and cloud services.
Supports development of detailed plans and provides requirements for information systems' security controls and security monitoring solutions.
Performs security control reviews to validate the security controls as designed are operating effectively.
Develops policies, standards, and procedures to ensure that security controls are adequately designed.
ESSENTIAL FUNCTIONS:
Performs cybersecurity assessments and provides security control requirements for IT and OT projects, including externally hosted applications and grid technology projects.
Develops and manages programs and processes for privacy, e-discovery, security awareness training, digital forensics, patch management, vulnerability remediation, and other security and compliance programs.
Supports detailed review and approval processing for various policies, processes, and procedures necessary to support the Company's cybersecurity security and compliance requirements.
Ensures that adequate and proper internal controls, processes, practices, and standards are developed, maintained, and tested in order to meet the Company's policy and compliance requirements.
Supports the business continuity planning, disaster recovery planning, and the Company's Cybersecurity Incident Management Team (CS-IMT), with occasional on-call support.
BASIC QUALIFICATIONS:
Knowledge Requirements
Computer networking concepts and protocols, and network security methodologies.
Risk management processes (e.g., methods for assessing and mitigating risk).
Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Cyber threats and vulnerabilities.
Cryptography and cryptographic key management concepts.
Data backup and recovery concepts.
Host/network access control mechanisms (e.g., access control list, capabilities list).
Network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
Traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), Open System Interconnection Model (OSI), Information Technology Infrastructure Library, current version (ITIL)).
Programming language structures and logic.
System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language (PL/SQL) and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Network attacks and a network attack's relationship to both threats and vulnerabilities.
System administration, network, and operating system hardening techniques.
Different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks),
Different cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
Different cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.).
Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Specific operational impacts of cybersecurity lapses.
Security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
Ethical hacking principles and techniques.
Penetration testing principles, tools, and techniques.
Conceptual knowledge of National Institute and Standards and Technology (NIST) Standards, ISO 27000 series, OWASP, and other security related frameworks and standards.
Conceptual knowledge of utility business and related Operational Technology Systems (SCADA, DCS< etc.).
Additional Skills & Qualifications
Skills Requirements
Conducting vulnerability scans and recognizing vulnerabilities in security systems.
Assessing the robustness of security systems and designs.
Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
Mimicking threat behaviors.
Pay and Benefits
The pay range for this position is $90000.00 - $120000.00/yr.
Health and Wellness
Medical and Dental Insurance
Drug/Optical Plans
Flex Spending Accounts
Employee Assistance Program
Sick Leave
Long-Term Disability Insurance
Workers' Compensation
Health Screening
Wellness Education
Family/Lifestyle
Twelve Full Paid Holidays and Two Half-day Holidays
Vacation
Bonus Vacation Day for Taking Minimum Sick Leave
Voluntary Educational Assistance Program
Family and Medical Leave
Bus Pass Reimbursement
Adoption Expense Reimbursement Program
PATCH Enhanced Child Care Referral Program
Bereavement Leave
Financial Security
Group Life, Dependent Life, Accidental Death & Dismemberment Insurance
Social Security/Medicare
HEI Retirement Savings Plan (HEIRS)
Other Postretirement Benefits (medical, life, etc.)
Workplace Type
This is a hybrid position in Honolulu,HI.
Application Deadline
This position is anticipated to close on May 23, 2025.
About TEKsystems and TEKsystems Global Services
We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.