Security Consultant - Cyber Strategic & Risk
Deloitte USI
Total years of experience: 5 years, 1 month
Key Deliverables:
• Formulated and implemented strategic security plans to safeguard organizational assets and sensitive information.
• Aligned security strategies with business objectives, ensuring a balance between risk mitigation and operational efficiency.
• Worked in managed security services for the Threat and Vulnerability Management team to perform vulnerability assessments and identify OS/application security weaknesses.
• Executed CIS level-1 configuration scans for golden images.
• Supported the ERP team in the migration of ERP on-premises servers to cloud servers from a security perspective.
• Scrutinised and performed vulnerability scans on out-of-band vulnerabilities.
• Supported the remediation team in installing & troubleshooting the Qualys Cloud Agent on AWS & Azure VMs.
• Chased and monitored the open reported vulnerabilities using Power BI dashboards both weekly and monthly and worked together with stakeholders to prioritize risks and develop strategies for mitigation.
• Ensured compliance with regulatory requirements and communicated changes to relevant stakeholders.
• Provided guidance during security incidents, coordinating response efforts to minimize impact and mitigate security incidents.
• Conducted comprehensive cyber risk assessments for clients, identifying potential vulnerabilities and threats.
Key Deliverables:
• Conducted a vulnerability assessment using Qualys on the organization's managed network devices, covering switches, routers, endpoint devices, servers, and other network devices. Nmap was used to perform sporadic penetration testing on network devices.
• Implemented updates and patches to ensure the security of systems and networks.
• Ensured that security measures were integrated into the architecture of new systems and projects.
• Evaluated and selected security tools and technologies to enhance the organization's security capabilities.
• Steered and participated in the execution of large-scale initiatives such as the Skybox security suite, which minimized the need for human labour in carrying out security compliance evaluations utilizing security standards (a blend of NIST and ISO 27001 standards).
• Conducted security audits to assess compliance with internal policies for network devices to identify points of non-compliance with established information, and supported external security audits.
• Knowledgeable about risk acceptance, remediation, and mitigation for the closure of audits using the GRC Archer tool for NCs documentation, support network, and delivery teams.