Security - IT Consultant

Task description - The scope of services includes the following tasks, which are performed independently:

- Analyze security concepts provided by threat and vulnerability management team in order to identify vulnerabilities in all software layers, outdated, obsolete and not supported technologies, security gaps and insufficiencies of the existing security measures. Present the results to Uniper Cyber Defense Center (CDC) accordingly, including professional consulting about how to provide a sufficient security level of the vulnerable resources corresponding to the existing security standards and best practices along with corresponding measures.

- Consult the business teams involved in the remediation regarding the ways of remediation of the detected security flaws and vulnerabilities, providing technical information required for vulnerabilities remediation. This can be done by email, in virtual meetings via MS teams or by phone. The progress will be visible on the amount of detected vulnerabilities processed from the queue.

- Provide professional consultancy to external parties and service providers involved in the vulnerabilities remediation process (consultation regarding vulnerabilities). Control and validate the timelines and the quality of the offered and implemented remediation. The quality standards are defined by the industry standards ? ENISA, NIST or ISO 27001. Additional confirmation of the remediation is done by cybersecurity scanners and tools provided by Uniper Cyber Defense Center.

- Provide guidance to teams on how to avoid potential security flaws / vulnerabilities on the supported resources by means of the system hardening and a proper service configuration. The guidance is based on industry best practices (defined in international standards) and Uniper Information Security Vulnerability Management Procedure.

- Manage escalation activities related to the vulnerability management (using best practices principles according to industry, testing, understanding of frameworks provided by NIST, ISO27001, ENISA). Technically consult the CDC team to adequately cope with security risks connected with the detected flaws and vulnerabilities and their mitigation. The process of escalations are handled fully by the CDC team.

- Document all vulnerability remediation tasks taken in the project, their initial and current states, working time spent as well as planned / scheduled actions (in Word, Excel, OneNote). Uniper will sign-off the documentation.

- Acting as an external consultant to Uniper when interacting with external parties.


Uniper provides all necessary information, access to the systems and requirements in advance.