Security - IT Consultant

Task description

The scope of services includes the following tasks, which are performed independently:

- Analyze security concepts provided by threat and vulnerability management team in order to identify vulnerabilities in all software layers, outdated, obsolete and not supported technologies, security gaps and insufficiencies of the existing security measures. Present the results to Uniper Cyber Defense Center (CDC) accordingly including professional consulting about how to provide a sufficient security level of the vulnerable resources corresponding to the existing security standards and best practices along with corresponding measures. 

- Consult the business teams involved in the remediation regarding the ways of remediation of the detected security flaws and vulnerabilities, providing technical information required for vulnerabilities remediation. This can be done by email, in virtual meetings via MS teams or by phone. The progress will be visible on the amount of detected vulnerabilities processed from the queue.

- Consult the external parties and service providers involved in the vulnerabilities remediation process. Control and validate the timelines and the quality of the offered and implemented remediation. The quality standards are defined by the industry standards - ENISA, NIST or ISO 27001. Additional confirmation of the remediation is done by cybersecurity scanners and tools provided by Uniper Cyber Defense Center.

- Provide guidance to teams on how to avoid potential security flaws / vulnerabilities on the supported resources by means of the system hardening and a proper service configuration. The guidance is based on industry best practices (defined in international standards) and Uniper Information Security Vulnerability Management Procedure.

- Manage escalation activities related to the vulnerability management (using best practices principles according to industry, testing, understanding of frameworks provided by NIST, ISO27001, ENISA). Technically consult the CDC team to adequately cope with security risks connected with the detected flaws and vulnerabilities and their mitigation. The process of escalations are handled fully by CDC team.

- Documentation of all in the project taken vulnerability remediation tasks, their initial and current states, working time spent as well as planned / scheduled actions (Word, Excel, OneNote). Uniper will sign-off the documentation.

Uniper provides all necessary information, access to the systems and requirements in advance.