Vacancy expired!
- Analysis of report data to produce metrics related to security controls
  - Using scripts (such as PowerShell or SQL queries) or export utilities to gather relevant data
  - Using various software (such as Excel or Notepad) to sort, filter, format, and compare data to determine software coverage gaps, control compliance, etc.
  - Produce lists for recommended remediation (list of systems to be upgraded, software requiring install, account passwords to be reset, etc.)
    - Examples: systems missing Red Cloak, unreachable (potentially decommissioned) systems, detected systems with no documentation
- Review of specific control implementation
  - Examples:
    - List of systems detected with a specific EOL software
    - List of systems with a configuration vulnerable to a specific threat (given factors such as ports or software version required for exploit)
    - Accounts without an assigned owner
- General reporting
  - Examples:
    - VMS exceptions by CGTicket
    - VMS Top 20 reporting
    - ChangeGear tickets by type and time period (firewall changes for quarterly audit, security incidents compared to SecureWorks incidents)
    - Firewall rule usage
- Log analysis as part of project research or incident response
  - Examples:
    - Export and analysis of firewall logs to determine network connectivity issues (given source, destination, and port: is traffic blocked, allowed, or not present, etc.)
    - Review of security event data across multiple systems (AV, web filter, email defense, etc.) to identify the source of malicious files or traffic
    - Review of blocked-traffic or rule-usage reports to determine potential tuning recommendations
- Procedure development and validation
  - Help formalize and mature procedures by stepping through various processes to test documentation and raise questions
- Build security system configuration documentation
  - Gather screenshots, current setting values, firewall object definitions, etc. and compile them into a structured document
- Routine change management
  - Submit documentation and manage tickets for MSSP-managed upgrades or other standard low-risk changes
- Communicating with system owners to gather various audit data:
  - Requesting additional documentation on discovered assets (additions to the IP address records or CMDB)
  - Follow-up on requests (expiring VMS exceptions, overdue remediation tickets, incomplete documentation)
- Respond to questions and requests related to security operations, such as:
  - Questions about blocked or allowed traffic, or current firewall rule sets
  - Research about patch applicability or vulnerability mitigations
  - Testing addresses/URLs against current rules or vendor reputation
  - Basic modifications to allow-lists, firewall rules, or AV exceptions

- 1+ years of helpdesk experience
- Exposure to networking and security support
- Exposure to server and systems support
- Exposure to Active Directory and ID management systems
- Interest in security operations
- Strong analytical skills
- Reasonable communication skills