Dieses Jobangebot ist archiviert und steht nicht mehr zur Verfügung.
Vakante Jobangebote finden Sie unter Projekte.
Vakante Jobangebote finden Sie unter Projekte.
Technical Annex Security Consultant
Eingestellt von eCRM Euro Ltd
Gesuchte Skills: Consultant, Network, Oracle, Linux
Projektbeschreibung
TECHNICAL ANNEX SECURITY CONSULTANT - LUXEMBOURG
eCRM Euro are looking for Technical Annex Security Consultant to support the customer in delivering security services, in the field of security assurance, which includes:
*Vulnerability assessment and handling;
*IT security compliance checking;
*Penetration testing.
1. PARTICIPATE IN THE DEFINITION, THE IMPROVEMENT AND THE DELIVERY OF THE INFRASTRUCTURE INFORMATION ASSURANCE SERVICE
Build an IT assets catalog, taking into account their criticality
The systems to test include a wide range of operating systems, network components, database systems, application Servers;
Evaluate and implement solutions to deliver the service, by;
*Analysing the market;
*Testing solutions during POCs by developing tests environments, integrating solutions, running tests scenarios and generating results reports;
*Operate the infrastructure and solutions necessary for security vulnerability assessment and security technical compliance service;
*In close partnership with customers/system owners, execute vulnerability and compliance assessments, by
*Preparing/specifying the tests, planning;
*Performing the tests;
*Analysing results, drafting recommendations, drafting executive and technical reports;
*Exchanging with teams on results and recommendations;
*Follow-up remediation plans;
*Perform security watch on new vulnerabilities, exploits and attack methods;
*In specific cases (ex for unpatched vulnerabilities),
*perform technical analysis and examination of new vulnerabilities;
*determine the appropriate response to mitigate or repair it;
*notify the various parts about the vulnerability and share information about how to fix or mitigate it and coordinate vulnerability response;
1.2. PENETRATION TESTING
*Keep watch and implement appropriate tools to deliver the service;
*Prepare and perform the tests, if realised internally;
*Take part in the preparation of the pentests, supervise their execution, if outsourced;
*Integrate pentests results within the frame of vulnerability management.
2. PARTICIPATE IN THE SECURITY ENGINEERING AND HARDENING OF CUSTOMER SECURITY OPERATIONS CENTRE INFRASTRUCTURE COMPONENTS
This includes (but is not limited to) the following components:
*VM Ware Servers
*Windows Servers
*Linux Servers
*NetAPP FAS Storage NAS
*Oracle Database
*ArcSight components (Logger, log forwarders, smart connectors, ESM, DB, Clients )
*Cisco Switches
*Firewalls (Checkpoint)
*Intrusion Detection Systems
*Enterprise Network and Systems forensics solutions
*Forensics lab
*Vulnerability assessment and configuration compliance solutions
*Other security solutions (central password management system, PKI)
*Infrastructure monitoring solutions
*CMDBs
3. SUPPORT IN THE MONITORING AND INCIDENT RESPONSE PROCESSES
oBy sharing knowledge with security analysts on system related aspects, participating in improving correlation rules, discovery and assessment techniques and measures.
*SUPPORT
oSupport in the analysis phase: provide input related to impacted assets, vulnerability knowledge;
oSupport in elaborating the response strategy and mitigation measures;
eCRM Euro are looking for Technical Annex Security Consultant to support the customer in delivering security services, in the field of security assurance, which includes:
*Vulnerability assessment and handling;
*IT security compliance checking;
*Penetration testing.
1. PARTICIPATE IN THE DEFINITION, THE IMPROVEMENT AND THE DELIVERY OF THE INFRASTRUCTURE INFORMATION ASSURANCE SERVICE
Build an IT assets catalog, taking into account their criticality
The systems to test include a wide range of operating systems, network components, database systems, application Servers;
Evaluate and implement solutions to deliver the service, by;
*Analysing the market;
*Testing solutions during POCs by developing tests environments, integrating solutions, running tests scenarios and generating results reports;
*Operate the infrastructure and solutions necessary for security vulnerability assessment and security technical compliance service;
*In close partnership with customers/system owners, execute vulnerability and compliance assessments, by
*Preparing/specifying the tests, planning;
*Performing the tests;
*Analysing results, drafting recommendations, drafting executive and technical reports;
*Exchanging with teams on results and recommendations;
*Follow-up remediation plans;
*Perform security watch on new vulnerabilities, exploits and attack methods;
*In specific cases (ex for unpatched vulnerabilities),
*perform technical analysis and examination of new vulnerabilities;
*determine the appropriate response to mitigate or repair it;
*notify the various parts about the vulnerability and share information about how to fix or mitigate it and coordinate vulnerability response;
1.2. PENETRATION TESTING
*Keep watch and implement appropriate tools to deliver the service;
*Prepare and perform the tests, if realised internally;
*Take part in the preparation of the pentests, supervise their execution, if outsourced;
*Integrate pentests results within the frame of vulnerability management.
2. PARTICIPATE IN THE SECURITY ENGINEERING AND HARDENING OF CUSTOMER SECURITY OPERATIONS CENTRE INFRASTRUCTURE COMPONENTS
This includes (but is not limited to) the following components:
*VM Ware Servers
*Windows Servers
*Linux Servers
*NetAPP FAS Storage NAS
*Oracle Database
*ArcSight components (Logger, log forwarders, smart connectors, ESM, DB, Clients )
*Cisco Switches
*Firewalls (Checkpoint)
*Intrusion Detection Systems
*Enterprise Network and Systems forensics solutions
*Forensics lab
*Vulnerability assessment and configuration compliance solutions
*Other security solutions (central password management system, PKI)
*Infrastructure monitoring solutions
*CMDBs
3. SUPPORT IN THE MONITORING AND INCIDENT RESPONSE PROCESSES
oBy sharing knowledge with security analysts on system related aspects, participating in improving correlation rules, discovery and assessment techniques and measures.
*SUPPORT
oSupport in the analysis phase: provide input related to impacted assets, vulnerability knowledge;
oSupport in elaborating the response strategy and mitigation measures;
Projektdetails
Geforderte Qualifikationen
-
Kategorie:
IT Entwicklung, Organisation/Management