General Summary: Honda Aircraft Company is looking for an Information Security Analyst to assist in building a world class operational security program in order to protect Honda Aircraft’s critical data and assets. The ideal candidate must demonstrate conceptual understanding of information security concepts and environments, and the ability to work in a team environment. S/he should be able to work with a cross-functional, multidisciplinary, multi-department, global team to develop robust, cross-platform solutions.
Duties and Responsibilities:
- Performs network and application technical vulnerability assessments using vulnerability assessment tools.
- Performs penetration testing activities to detect vulnerabilities and attack chains.
- Utilizes penetration testing skills to conduct analyses to gather deeper situational awareness and provide greater security insight of the environment.
- Lead the Security Awareness efforts, including facilitating presentations on topics of relevance, evaluating and implementing awareness training
- Assist in network security efforts including Data Loss Prevention, Intrusion Prevention and SIEM analysis
- Test security measures including OS patches, system hardening, and application configuration
- Monitor, review and troubleshoot alerts
- Review, interpret and adapt customer, regulatory and corporate security and compliance requirements into technical design options
- Apply technical knowledge and analytical skills to ensure the confidentiality, integrity, and availability of all information systems assets and ensure compliance with company policies, procedures, contractual, and regulatory requirements.
- Produce security policies, standards, and guidelines
- Perform security research
- Produce security risk advisories based on newly identified threats and risk assessment
- Assist in performing IT audit, third party evaluations, and risk assessment activities
Education, Work Experience, Certification and/or Licensure:
- 3+ years’ work experience in Information Security in an enterprise network
- Bachelor’s degree in Information Technology, Computer Science or a related discipline, or equivalent work experience
- A recognized information security certification or accreditation such as Security+, CISSP, or CEH is a plus.
Knowledge, Skills and Abilities:
- Fundamental understanding of penetration testing techniques and technologies
- Fundamental understanding of application development security concepts such as OWASP Top 10 Vulnerabilities
- Fundamental understanding of Active Directory administration and Windows authentication
- Fundamental understanding of security technologies such as SIEM, IDS/IPS, Web filters, two factor authentication, web application firewalls
- Fundamental understanding of malware detection, analysis, exploitation, containment, and eradication techniques
- Experience with systems analysis including, but not limited to: gathering requirements from stakeholders, constructing RFP/RFQs, devising and planning proof-of-concepts, defining use and test cases, driving critical security infrastructure projects, creating cogent status reports for senior management, strong technical understanding of vulnerabilities, and how attackers can exploit vulnerabilities to compromise systems.
- Excellent verbal, written, and presentation skills; in particular, demonstrated ability to effectively communicate technical and business issues and solutions to multiple organizational levels internally and externally as needed
- Knowledge of security frameworks and governance such as NIST, ISO27000 series, HIPAA, GDPR, PCI-DSS
- Solid analytical and problem solving skills; ability to think strategically and turn ideas into actions
- Familiarity with Project Management concepts.
- Familiarity with scripting languages such as Python
- Ability to work with little supervision and consistently deliver results
- Incumbents may be routinely exposed to equipment operational noise, heat, cold, dust, and/or aircraft equipment, parts, or fuel odors.
- Incumbents may be required to stand, sit, squat, walk, bend, climb ladders, move, reach, or stretch for prolonged time periods with no restrictions, as required by job duties.
- Work in a safe and professional manner while adhering to all regulatory requirements (FAA, OSHA, DOT, EPA, State, and Federal regulations, etc.).
- Read, hear, speak, and see with no restrictions, as required by job duties.
- Comprehend and adhere to management directions and/or safety instructions with no restrictions.
- Effectively communicate in Business English language.
- Pull, push, carry, lift, or move items up to 10 lbs. throughout the work shift without assistance, as required by job duties.
- Pull, push, carry, lift or move materials/people/items/equipment weighing up to 50 lbs or more during the work shift, with the use of Company provided “reach assistance technology” or “movement assist technology” (fork-lifts, pallet jacks, pulleys, dollies, robotics reach equipment, people movers etc.), as required by job duties