IT Security Specialist for Vulnerability Management - February 2022
For one of our clients we are looking for an IT Security Specialist for Vulnerability Management.
Project description: The Vulnerability Management Service Optimization project covers the elimination of detected software vulnerabilities in the business systems and external resources. This includes remediation of vulnerabilities in business applications (on-prem and cloud-based), operating systems (Windows, Linux), auxiliary software and web resources. The aim of the project is to reduce the overall attack surface (internal and external), thus improving the security posture and minimizing the risk of penetration and compromise of the IT landscape.
Analyze security concepts provided by the threat and vulnerability management team in order to identify vulnerabilities in all software layers, outdated, obsolete and unsupported technologies, security gaps, and insufficiencies in the existing security measures. Present the results to the Cyber Defense Center (CDC), including professional consulting on how to achieve a sufficient security level for the vulnerable resources in line with the existing security standards and best practices, along with the corresponding measures.
Consult the business teams involved in the remediation on how to remediate the detected security flaws and vulnerabilities, providing the technical information required for vulnerability remediation. This can be done by email, in virtual meetings via MS Teams or by phone. Progress will be visible in the number of detected vulnerabilities processed from the queue.
Consult the external parties and service providers involved in the vulnerability remediation process. Control and validate the timelines and the quality of the offered and implemented remediation. The quality standards are defined by industry standards: ENISA, NIST or ISO 27001. Additional confirmation of the remediation is provided by the cybersecurity scanners and tools supplied by the Cyber Defense Center.
Provide guidance to teams on how to avoid potential security flaws / vulnerabilities on the supported resources by means of system hardening and proper service configuration. The guidance is based on industry best practices (defined in international standards) and the client's Information Security Vulnerability Management Procedure.
Manage escalation activities related to vulnerability management (using industry best-practice principles, testing, and an understanding of the frameworks provided by NIST, ISO 27001 and ENISA). Provide technical consulting to the CDC team so that it can adequately cope with the security risks connected with the detected flaws and vulnerabilities and their mitigation. The escalation process is handled fully by the CDC team.
Document all vulnerability remediation tasks undertaken in the project, their initial and current states, the working time spent, and the planned / scheduled actions (Word, Excel, and OneNote). The client will sign off the documentation.