Angebot: 45674 - KU - Security Consultant für Remote-Einsatz gesucht

Projektbeschreibung

Für nachfolgende Tätigkeit suchen wir 1 Bewerber mit folgenden Qualifikationen - vielleicht wären Sie dafür verfügbar oder können eine Empfehlung aussprechen:

Mit der Nutzung der männlichen Form des Wortes „Berater / Entwickler etc.“ sind alle Geschlechtsformen weiblich/männlich/divers gemeint

Mit dieser Anfrage suchen wir einen IT Security Spezialisten

ABGABEFRIST FÜR ANGEBOTE: 09.05. - 11:00 Uhr

Tätigkeit:

Project name: Vulnerability Management Service Optimization

Project description: The Vulnerability Management Service Optimization project is covering the elimination of the detected software vulnerabilities in the Uniper business systems and external resources. This includes remediation of the vulnerabilities in business applications (on-prem and cloud-based), operating systems (e.g. Windows, Linux), auxiliary software, network devices, web resources and other devices identified by network scanning. The aim of the project is to reduce the overall attack surface (internal and external) thus improving security posture and minimizing risks of a Uniper IT landscape penetration and compromising.

Task description - The scope of services includes the following tasks, which are performed independently:

- Analysis of security concepts provided by the threat and vulnerability management team in order to identify vulnerabilities in all software layers, outdated, obsolete and not supported technologies, security gaps and insufficiencies of the existing security measures. Assessment, prioritization and presentation of the results to Uniper Cyber Defense Center (CDC) accordingly, including provision of professional consulting about how to provide a sufficient security level of the vulnerable resources corresponding to the existing security standards and best practices along with corresponding measures.
- Provision of professional consultation to the business teams involved in the remediation regarding the ways of remediation of the detected security flaws and vulnerabilities, providing root causes and technical information required for vulnerabilities remediation; provision of the above mentioned professional consultation by email, in virtual meetings via MS teams or by phone based on own professional experience. Presentation of the project progress to Uniper made visible by the amount of detected vulnerabilities processed from the queue.
- Provision of professional consultancy to external parties and service providers involved in the vulnerabilities remediation process (consultation regarding vulnerabilities) with the aim of controlling and validation of the timelines and the quality of the offered and implemented remediation. The quality standards are defined by the industry standards – ENISA, NIST or ISO 27001. Additional confirmation of the remediation is done by cybersecurity scanners and tools provided by Uniper Cyber Defense Center in advance.
- Provision of professional expert consultation to teams on how to avoid potential security flaws / vulnerabilities on the supported resources by means of the system hardening and a proper service configuration. The guidance is based on industry best practices (defined in international standards) and Uniper Information Security Vulnerability Management Procedure provided by Uniper in advance.
- Steering the escalation activities related to the vulnerability management by using best practices principles according to industry, testing, understanding of frameworks provided by NIST, ISO27001, ENISA. Provision of technical consultation to the CDC team to adequately cope with security risks connected with the detected flaws and vulnerabilities and their mitigation. The process of escalations are handled fully by the CDC team.
- Documentation of all vulnerability remediation tasks taken in the project, their initial and current states, working time spent as well as planned / scheduled actions (in Word, Excel, OneNote). Uniper signs off the documentation.

Skills:

Must have: Mindestens 5 Berufserfahrung mit IT Security bei größeren Unternehmen.

Nice to have: Kenntnisse von Service Now und Infoblox.

Es können Personen nicht nur aus Deutschland angeboten werden,

Bitte reichen Sie Profile in Deutsch oder Englisch ein

Projektsprache:

Deutsch und Englisch

Auslastung:

fulltime

Honorar:

bitte benennen Sie uns Ihren Stundensatz auf All in Basis für einen Remote-Einsatz

Zahlungsziel:

30 Tage

Sonstiges

Beginn

19.05.2025

Laufzeit / Ende

30.09.2025

Ort

Remote