Position Overview: We are seeking a proactive and knowledgeable Security Consultant to join our team for a short-term project aimed at assessing and enhancing our security posture. The consultant will be responsible for conducting thorough vulnerability scans, implementing quick fixes, and providing strategic recommendations for future improvements. This engagement is expected to last 3-6 weeks, with a target completion by mid-December.
Key Responsibilities:
- Conduct a comprehensive vulnerability scan of the corporate office and local environment.
- Assess the configuration and security of Sophos firewalls and the VPN tunnel to Yardi CRM.
- Evaluate the Office 365 (O365) environment, assisting with hardening measures to secure sensitive data and applications.
- Perform a network scan to identify potential vulnerabilities and security gaps.
- Review existing Multi-Factor Authentication (MFA) mechanisms and endpoint protection strategies.
- Analyze current administrative roles and policies for security effectiveness.
- Identify vulnerabilities and execute immediate "quick fixes" where necessary (e.g., correcting firewall policy misconfigurations).
- Advise on risk mitigation strategies and help prioritize necessary changes.
- Consult on the development of a roadmap for security enhancements for Q1 and Q2 of the following year.
- Guide the organization through the SEC filing process, ensuring compliance by the end of Q2 2025, and assess the potential need for a SOC evaluation in the future.
- Determine the necessity and scope of a penetration test, including which areas should be tested early next year.
Must-Haves:
- Proven experience in planning and conducting O365 vulnerability and security assessments.
- Hands-on experience with network scanning tools and techniques.
- Familiarity with the O365 suite, VPN configurations, and firewall management (experience with Sophos preferred, but varied firewall experience is acceptable).
- Understanding of VPN tunneling, keys, and authentication methods.
- Proficiency in Intune, MFA, and endpoint protection technologies.
- Strong background in networking and infrastructure, with an emphasis on security—not solely focused on cybersecurity.
- Recent experience working in small environments (maximum ~500 personnel).
- Comfort with ambiguity and the ability to effectively communicate potential risks and improvements to clients.
Duration: 3-6 weeks, with a completion target by mid-December.