EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
· Experience preparing project plans, timelines, and deliverables
· Strong knowledge of Linux security audits, vulnerability identification, and mitigation
· Hands-on experience with Ansible for security hardening and centralized configuration
· Expertise in password policies, bootloader protection, and SSH key management (3072-bit)
· Experience in verification, monitoring, troubleshooting, and clean-up after security changes
· Ability to maintain documentation reflecting security and configuration updates
DUTIES/ROLE:
· Prepare pre-requisite documentations required for the project management for this engagement:
ü Present the overall project plan which summarizes the approach for each step for this engagement
ü Present a timeline with the targeted date for each activity
ü Present the templates of the deliverables
· Review, in details, the audit report and its annexes which describe identified vulnerabilities with regards to Linux based systems
· Perform an additional security assessment to identify any other potential and significant vulnerability not reported and which may affect the security and further suggest technical measures to mitigate vulnerabilities
· For both the vulnerabilities still pending proper mitigation and newly discovered vulnerabilities, define an action plan to mitigate these vulnerabilities and, after review and validation, implement the mitigation plan by leveraging the existing configuration management tool for Linux based systems (specifically Ansible). Sufficient testing of configuration hardening changes shall be performed by the Contractor before any implementation to production
· Review password expiration
· Review password protection for access to bootloader
· Review Secure shell (SSH) key lengths not meeting the recommended 3072-bit key length
· Create or update existing Ansible configurations (e.g. playbooks, etc.) as deemed necessary and to ensure that configuration hardening is consistently enforced across the Linux IT systems and from a centralized system
· Perform post-hardening due diligence checks: System verification and monitoring, potential troubleshooting, potential configuration clean-up, etc.
· Update the existing technical documentations to reflect the potential configuration changes brought to the environment