Information Assurance Analyst - Oahu

Hawaiian Electric CompaniesHonolulu, HI
Onsite

About The Position

The P EJ INFORMATION ASSURANCE Department of the P INFORMATION ASSURANCE Division at Hawaiian Electric Company has 2 Management vacancies available. This role performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, policies, or guidance. It measures the effectiveness of defense-in-depth architecture against known vulnerabilities, assists with risk assessments, and the development of security architecture solutions and technologies. The role also supports the development of detailed proposals and plans for new information security systems and controls to enhance or enable new capabilities for network or hosted applications, and conducts ongoing compliance reviews, assisting in developing practices to ensure adequate information security and IT controls.

Requirements

  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of cryptography and cryptographic key management concepts.
  • Knowledge of data backup and recovery concepts.
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list).
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • Knowledge of traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Knowledge of programming language structures and logic.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of network attacks and a network attack’s relationship to both threats and vulnerabilities.
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • Knowledge of different cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • Knowledge of different cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.).
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Knowledge of ethical hacking principles and techniques.
  • Knowledge of penetration testing principles, tools, and techniques.
  • Skills in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Skills in assessing the robustness of security systems and designs.
  • Skills in detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
  • Skills in mimicking threat behaviors.
  • Skills in the use of penetration testing tools and techniques.
  • Skills in the use of social engineering techniques (e.g., phishing, baiting, tailgating, etc.).
  • Skills in the use of network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap, etc.).
  • Skills in reviewing logs to identify evidence of past intrusions.
  • Skills in conducting application vulnerability assessments.
  • Skills in performing impact/risk assessments.
  • Skills in developing insights about the context of an organization’s threat environment.
  • Skills in collaborating with teammates and other employees.
  • Skills in communicating effectively in writing and verbally.
  • Entry Level: 1-3 years of experience in Systems administration, basic cyber analysis/operations, cyber threats, risk management, network management, IT system design, cloud deployment or wireless networking.
  • Associates Degree or equivalent work experience in Computer science, cybersecurity, information technology, software engineering, information systems, computer engineering.
  • Obtain within the first six months of employment one or more of the following Certifications A+ CE, CCNA-Security, CND, Network+ CE, SSCP, CCNA Security, CySA+ (CSA+), GICSP, GSEC, Security+ CE, CND, SSCP (Other certification will be considered).
  • Intermediate Level: 4-7 years of experience in information assurance, incident handling, risk management, vulnerability management and analysis, and assistance programs.
  • Bachelor’s degree (or higher) in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering.
  • One or more of the following Certifications A+ CE, CCNA-Security, CND, Network+ CE, SSCP, CCNA Security, CySA+ (CSA+), GICSP, GSEC, Security+ CE, CND, SSCP (Other certification will be considered).

Responsibilities

  • Performs information security risk assessments and recommends mitigating controls and solutions for IT and Operations Technology (OT) projects and applications, including proposals for externally hosted applications and new utility technology projects.
  • Assists with the system assessments for conformance with configuration control, policy, and guidance.
  • Assists with program development and management for privacy, e-discovery, security awareness training, digital forensics, vulnerability remediation, and other security and compliance programs.
  • Performs miscellaneous administrative roles such as schedule development, information tracking, updating deliverables and other work assigned.
  • Supports the Company’s business continuity planning, IT disaster recovery planning, cybersecurity incident response planning and team (CS-IMT), with occasional on-call support.
  • Participates in Company emergency response activities as assigned, including any activities required to prepare for such emergency response.

Benefits

  • Competitive compensation package
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service