15 mars 2022 à 0h01 Informatique & Télécoms Rabat 70 vues
Détails de l'annonce
The main mission of the Security Engineer Vulnerability Management is to check and analyze the different systems if they contain any passwords in clear-text or weak hashes (in folders, text files, application files...) by running Script “CredzScanner” and perform manual spot-checks, generate Reports illustrating the analysis result and analyses patterns in the result files for bulk-remediation. Follow-up on findings, identify true positives, investigate ownership and create incident tickets in the SILVA ITSM Tool (ServiceNow). Follow-up on resolution, produce KPI’s, provide a dashboard and escalate issues.
Have the ability to upgrade and improve the Script in order to adapt it with the new needs.
Security Management :
- Analyze all system servers at AXA (SE/NE/ME/AP Datacenter’s)
- Perform the password hunting using (initially the tool is run once per month in every data center)
- Perform spot-checks on clear-text passwords in systems not covered by CredzScanner (e.g. in Confluence)
- Pilot and implement actions from the audit project
- Analyse patterns in the result files for bulk-remediation
- Identifying issues owners per finding
- Create SILVA tickets and assign these to issues owners
- Following up with on issues not resolved within agreed timeframe
- Update/Modify/Improve Scripts to cover all needs
Reporting Service :
- Provide a monthly analysis of " clear text password " rate in the different countries/Datacenter
- Produce a management dashboard demonstrating remediation progress
Education :
- Minimum Bac+5 in Networks and Security.
Certification :
- An information Security Certification is highly desired (CCNA R&S, CCNA Security, NSE4, PCCSA, MCSA, CEHv9/v10…or/and equivalent)
Work Ethics :
- Due to the sensitive nature of the task, the role holder must have a demonstrated high level of work ethics, secrecy and discretion. A background check will be performed.
Overall work experience in the field :
- Global technical vision of the main security tools / environments:
- PKI, SIEM, SOC, authentication, IPSEC, AD security, operating system security, Windows account security
- Experience managing data security programs like Password Vaulting, Privileged Access Management (Cyber Ark), Data Loss Prevention
- Experience with Identity Management concepts and processes including authorization, authentication, segregation of duties
- Knowledge of best practices around data security
- Experience using an ITSM tool such as ServiceNow
- Strong fundamentals in networking protocols and troubleshooting
- At least 2 years’ experience in the cybersecurity industry
SKILLS & ABILITIES :
- Proven ability to work independently with minimal supervision; must be a self-motivated self-starter that can initiate ideas and take ownership of work
- Ability to learn new technologies quickly and with minimal guidance
- Capable of following and composing process and procedure documentation, training users in complex topics, and interacting positively with upper management
- Critical thinking skills and the ability to solve problems as they arise
- PowerShell scripting skills
- Advanced knowledge in Python
- Basic coding skills, such as HTML, CSS and other languages
- Fluent English. (very important)
Métier : |
Informatique, nouvelles technologies |
Secteur d´activité : |
Informatique, SSII, Internet |
Type de contrat : |
CDI |
Région : |
Rabat-Salé-Kénitra |
Ville : | Rabat |
Niveau d'expérience : | Expérience entre 2 ans et 5 ans |
Niveau d'études : | Bac+5 et plus |
Langues exigées : |
anglais›courant français›courant |
Compétences clés : | Compétences clés: PYTHON POWERSHELL |
Nombre de poste(s) : | 2 |
Description de la société
Riche d’une expérience significative en France et en Europe, notre groupe E.X.M.C se positionne en tant qu’acteur majeur sur le marché des sociétés de services en ingénierie informatique.
Nous intervenons à la fois sur des périmètres Métiers, Techniques et Opérationnels. Notre groupe affiche un effectif de plus de 300 collaborateurs disponibles et mobiles.
Nous sommes structurés autour de Quatre Pôles :
Le Consulting et Assistance à Maîtrise d'Ouvrage (MOA, AMOA) dédié Banques, Finance, Assurances.
L’ingénierie applicative (La maîtrise d'œuvre de projets informatiques (MOE), Ingénierie de développement, TMA, TRA, …)
La production et les infrastructures (Ingénierie, Assistance Technique infogérance, architecture systèmes et réseaux, sécurité, cyber sécurité, Digital…)
L’Informatique Décisionnelle et BIG DATA (Architecture (Avant-vente/POC/ Pilotage Projet), Développement, Expertise (Hadoop,NoSQL, …).