100% customer-facing position with the mission of managing technical security controls and effectively managing and communicating vulnerabilities, exploits, and incidents to appropriate operations teams while tracking metrics in order to assist the customer in managing risk. The primary purpose is to provide day-to-day management of the client's security infrastructure or day-to-day monitoring, management, and response to security events.
Security Architecture Roles:
65% - Perform security assessments or reviews for the Hawaiian Telcom (HT) customer's enterprise environment. While working with customer technical and executive staff, review the state of various technical and organizational controls, processes, and policies. Perform gap analysis, comparing the current state to widely accepted best practices from vendors, regulatory and compliance bodies, and the security community at large. Document these gaps, along with sensible and relevant recommendations, in findings reports that satisfy the needs of both a technical and non-technical audience.
15% - Perform vulnerability scans and penetration tests of HT customer environments and controls. Using expertise in operation of commercial and open-source assessment tools, identify configuration flaws, missing patches, and gaps in defenses that could be exploited by attackers. Assessment types will include social engineering and phishing, wireless, mobile device, and physical security, and web application penetration tests.
15% - HT customer staff with security needs. Provide recommendations for security architecture, processes and technologies. Write technical policy, processes, procedures, standards and other documentation. Perform security research, furthering individual and team understanding of the threat landscape, as well as cutting-edge security technologies. Attend security conferences and participate in local security community events. Evaluate products and tools that can improve the security services team's offerings, and provide value to customers.
5% - Leadership role in cultivating and maintaining relationships with the HT customer, vendors and partners
Security Operations Roles:
60% - Act as technical SME and work all technical escalations from the security operations team including outages and incidents. Lead technical troubleshooting or incident handling events/calls on behalf of the client's security operations team and with the Network, Compute, and Client Operations Teams, internal and external information providers, and others as appropriate.
15% - Lead all aspects of planning, documentation, and process development of the HT client's global security operations. Drive development of technical procedures and guidelines for implementation and management of security services as they relate to the global operations team.
10% - Lead technical project efforts for the client's security operations team.
10% - Leadership role in cultivating and maintaining relationships with customers
5% - Participate in expansion of new opportunities with existing customers as they expand their global security operations requirements
Four years of college resulting in a Bachelor's Degree or equivalent
One or more of the following certifications dependent on actual role:
Advanced GIAC/SANS certifications - GCIH, GCIA, GCFE, GCFA, GREM, GIAC, GSEC, GWAPT
6 to 7 years of experience
Previous job experience: Senior level roles as IT Security Architect, IT Security Engineer, IT Security Auditor, Cyber-Security Analyst, Cyber-Intelligence Analyst
Ability to work independently for extended periods of time with a consultative approach, able to make "command decisions", and exhibit leadership skills to be the "go to" person. Must be a team player, and possess the ability to lead technical, troubleshooting and design scenarios.
Strong auditing, assessment and enterprise security architecture development skills should be key focus in career history.
Experience with technical training and instruction
Experience with public speaking and presentation on technical topics
Enterprise IT security architectures experience in a broad range of disciplines including networking, systems, applications, and cloud computing environments.
Experience with enterprise host protection systems, enterprise vulnerability management, network security tools such as IPS/IDS, and/or experience with attack tactics, techniques, and procedures used by the APT, Cyber Crime and other associated threat groups.
Excellent verbal and written communications skills.
Dependent on position, strong demonstrated skills in multiple enterprise-level OS environments including Microsoft Windows, Linux, and Unix.
Strong understanding of network communications (TCP/IP, Ethernet, WAN/LAN technologies)
Exceptional research and analysis experience
Risk assessment experience
Dependent on actual role, direct CIRT experience with a targeted (APT) and crimeware threat program.
Knowledge of information security threat types, their composition, and IOCs
Dynamic Malware Analysis Experience
Knowledge of attacker tactics, techniques, and procedures (TTPs) used by the APT, Cyber Crime and other associated threat groups
Knowledge of computer security incident investigation and response
Experience analyzing common types of attacks, cybercrime, APT, etc.
Experience with Splunk or similar log analysis tools and experience reviewing security events
Experience reviewing, analyzing, and providing reporting on ongoing intel gathering from various classified, sensitive, as well as open source intelligence sources
Deep internal knowledge of the MS Windows operating system, file system, registry, processes, and communications as well as collection and analysis techniques.
Knowledge of intrusion analysis, network and host forensics
Scripting experience is a plus (Python, Perl, Ruby, etc.)
Dependent on actual role, the following direct experiences and knowledge:
Working knowledge and experience with standard security solutions and architectures
Working knowledge of application architectures, web architectures, databases, and network architectures
Experience in Securing Windows NT, Windows 2000, Windows XP Environments, Unix, and Linux environments
Experience in securing J2EE Application (Weblogic, JBOSS) and Web Server (SunOne, Apache) platforms
Familiarity with accepted security standards - ISO27K, NIST 800-53, SANS Consensus Audit Guidelines - as well as regulatory compliance regulations - PCI-DSS, Sarbanes-Oxley, HIPAA/HITECH, FFIEC, FISMA, FERC/NERC and trade control regulations (aka export controls) for DoS (State Department), DoC (Commerce Department) and DoE/NRC (Energy Department, Nuclear Regulatory Commission)
Experience in securing distributed applications
Experience with encryption technologies
Experience in secure network configurations
Solid communication skills (leading, influencing experience), verbal and written, including documentation (design and training) and the coaching of other developers as they migrate to portal frameworks.
Experience securing Relational Databases (e.g. Oracle)
Experience with security testing and auditing tools such as WebInspect, Qualys/ISS Scanners and nmap.
Dependent on actual role, a DoD Secret security clearance may be required
No Supervisory Responsibility