Apply on Employer Site

Hawaiian Telcom · 1 day ago

Security Engineer IV

Honolulu, HI

Full-time

Onsite

Mid, Senior Level

$100K/yr - $150K/yr

7+ years exp

Hawaiian Telcom is seeking a Security Engineer IV to manage technical security controls and communicate vulnerabilities to operations teams. This role involves performing security assessments, vulnerability scans, and leading technical projects while providing insights and recommendations to enhance security measures.

Information TechnologyPublic RelationsTelecommunications

No H1B

Security Clearance Required

Responsibilities

Perform security assessments or review of both inter-company and external customer's enterprise environment

Perform gap analysis, comparing state to widely accepted best practices from vendors, regulatory and compliance bodies, and the security community at large

Document these gaps, along with sensible and relevant recommendations, in findings reports that satisfy the needs of both a technical and non-technical audience

Perform vulnerability scans and penetration tests of customer environments and controls

Using expertise in operation of commercial and open-source assessment tools, identify configuration flaws, missing patches, and gaps in defenses that could be exploited by attackers

Assessment types will include social engineering and phishing, wireless, mobile device, and physical security, and web application penetration tests

Assist internal staff with security needs

Provide recommendations for security architecture, processes and technologies

Write technical policy, processes, procedures, standards and other documentation

Perform security research, furthering individual and team understanding of the threat landscape, as well as cutting-edge security technologies

Attend security conferences and participate in local security community events

Evaluate products and tools that can improve the security services team's offerings, and provide value to customers

Leadership role in cultivating and maintaining relationship with internal and external customers, vendors and partners

Act as technical SME and work all technical escalations from the global security operations team including outages and incidents

Lead technical troubleshooting or incident handling events/calls on behalf of the client's security operations team and with the Network, Compute, and Client Operations Teams, internal and external information providers, and others as appropriate

Lead all aspects of planning, documentation, and process development of client's global security operations; Drive develop of technical procedures and guidelines for implementation and management of Security services and ensure compliance with requirements

Lead technical project efforts for the client's security operations team

Participate in expansion of new opportunities with existing customers as they expand their global security operations requirements

Provide insight and demonstrated technical leadership to the global security operations marketplace

Must be available 24x7 for emergencies and call outs

Qualification

Advanced GIAC/SANS certificationsOffensive Security certificationsCISSPEnterprise IT security architecturesRisk assessment experienceSplunkSimilar toolsDynamic Malware AnalysisNetwork communications knowledgeIntrusion analysis knowledgeTechnical training abilityPublic speakingExceptional research skillsCoaching experienceCommunication skills

Required

Four years of College resulting in a Bachelor's Degree or equivalent

7 to 10 years in related field

Experience in senior level roles such as IT Security Architect, IT Security Engineer, IT Security Auditor, Cyber-Security Analyst, Cyber-Intelligence Analyst

Must be able to obtain additional federal security clearances

Ability to conduct technical training and instruction

Experience with public speaking and ability to present on technical topics

Enterprise IT security architectures experience in a broad range of disciplines including networking, systems, applications, and cloud computing environments

Dependent on position, strong demonstrated skills in multiple enterprise-level OS environments including Microsoft Windows, Linux, and Unix

Strong understanding of network communications (TCP/IP, Ethernet, WAN/LAN technologies)

Exceptional research and analysis experience

Risk assessment experience and auditing experience

Dependent on actual role, direct CIRT experience with a targeted (APT) and crimeware threat program

Knowledge of information security threat types, their composition, and IOCs Dynamic Malware Analysis Experience

Knowledge of attacker tactics, techniques, and procedures (TTPs) used by the APT, Cyber Crime and other associated threat groups

Experience analyzing common types of attacks, cybercrime, APT, etc

Experience with Splunk or similar Log analysis tools and experience reviewing security events

Knowledge of intrusion analysis, network and host forensics

Scripting experience is a plus (Python, Perl, Ruby, etc.)

Dependent on actual role, the following direct experiences and knowledge

Working knowledge and experience with standard security solutions and architectures

Working knowledge of application architectures, web architectures, databases, and network architectures

Experience in Securing Windows NT, Windows 2000, Windows XP Environments, Unix, and Linux environments

Experience in securing J2EE Application (Weblogic, JBOSS) and Web Server (SunOne, Apache) platforms

Familiarity with accepted security standards - ISO27K, NIST 800-53, SANS Consensus Audit Guidelines - as well as regulatory compliance regulations - PCI-DSS, Sarbanes-Oxley, HIPAA/HITECH, FFIEC, FISMA, FERC/NERC and trade control regulations (aka export controls) for DoS (State Department), DoC (Commerce Department) and DoE/NRC (Energy Department, Nuclear Regulatory Commission)

Experience in secure network configurations

Solid communication skills (leading, influencing experience), verbal and written, including documentation (design and training) and the coaching of other developers as they migrate to portal frameworks

Experience securing Relational Databases (e.g. Oracle)

Experience with security testing and auditing tools such as WebInspect, Qualys/ISS Scanners and nmap

Preferred

One or more of the following certifications dependent on actual role: Advanced GIAC/SANS certifications - GCIH, GCIA, GCFE, GCFA, GREM, GIAC, GSEC, GWAPT Or Offensive Security - OSCP, OSWP, OSWE ISACA CISM, CISA ISC-squared CISSP CompTIA Security+