High-Value Asset Assessments
- Performed vulnerability management services including creation and implementation of vulnerability management policy, risk, threat, and security assessments including code reviews and external assessments like penetration tests, and resolution of findings by ensuring implementation of safeguarding configurations for all identified assets including high-value assets.
Risk and Vulnerability Assessments
- Performed DoD Security Technical Implementation Guides (STIGs) assessments for all assets to identify threats and risks for each component of the security architecture.
- Performed risk assessments on networks including ports and protocols, web applications, operating system, and databases.
- In addition to the STIGs assessments, conducted vulnerability scans for all security architecture components and supported independent external assessments like penetration tests and code reviews.
Cyber Threat Hunt
- Performed cyber security activities that resulted in multiple layers of implemented security controls; this ensured a low-risk cybersecurity posture for the applications under this project.
- The cyber threat hunters validated the low-risk cybersecurity posture of the applications we were tasked to protect.
- Created and implemented an Incident Response Plan or Policy for the set of systems/applications under the contract. The policy and implementation covered incident reporting, notification procedures, incident analysis, handling, impacted asset isolation, containment, and recovery.
- Worked with Service Desk teams on the notification and reporting procedures. We also worked with DoD Cyber Security Service Provision teams to coordinate forensic investigations where applicable.
- Supported all external testing including penetration testing for all applications under the contract.
- Reviewed and validated results of penetration tests as well as ensured all validated findings were resolved.