Description
Role: Security Engineer
Location: Frankfurt, Germany
Role Type: Permanent
Your profile:
Degree in computer science or similar.
Several years of professional experience as an engineer in IT security
Routine in dealing with IT security infrastructures as well as experience in finding solutions and in project work
Professional, systematic working methods paired with social competence and a high degree of innovation
According to the minimum standard, the complete firewall rule base for ING DE needs to be checked at least semi-annually.
This check should minimize the danger of malicious rules going undetected, eliminate the dangers arising from obsolete and/or unused rules, etc.
We need roughly 10.000 rules to be checked. There are currently no automated solutions or tools available for this, so it has to be done by manual checking and verification.
The complete firewall rule base needs to be validated and cross-linked against existing External Connection Certificates (EC or ECC) and Internal Connection Certificates (IC). Re-engineering of existing work also needs to be done.
Overall view of activities / capabilities needed:
• Pull list of FW ruleset (from each FW cluster)
• Identify rule owner by reverse engineering (assistance of German staff here)
• Check each rule against external / internal connection documents (formal request for implementation of the rule(s))
• Check each rule referring to the inherent risk -> provide optimization proposals; implement where possible
Further:
The process to stay in control will (for the most part) be defined by the agreed description in the CAS closing documents on the topic. These will be shared.
In parallel, there will be an automated process to identify unused objects (rules, hosts, groups, …) in the FW ruleset (also as described in the closing documents).