Enterprise Planning & Architecture

Title: Enterprise Planning & Architecture

Duration: 6 Months

Client: City of Philadelphia

Location: Philadelphia, PA 19107

Note: This is a Hybrid Role.

Statement of Work:

• Perform planned test cases to determine vulnerabilities, conduct process audits determining level of compliance, interact with staff to obtain their level of expertise within the current environment, assess current ability to prevent intrusion attacks and produce a recommendations report identifying areas of compliance, non-compliance and where improvements are required.
  

Work Activities:

Regulatory Compliance and Industry Standards (compliance guidelines):

• Federal (FISMA) and DoD Certification and Accreditation (NIST and 800 series).
  
• International Organization for Standardization (ISO) 17799.
  

Documentation & Process Review (audit and review):

• Security policies and procedures (internal, external).
  
• Network diagram (logical and physical) of all systems associated with a potential security risk. i.e., PWD Domain, CityNet, Firewall, Video cameras and Wi-Fi.
  
• Firewall, Network, Anti-virus and Enterprise operating system support model and contact information.
  
• Audit and assess change management process and procedures (were all changes authorized and documented).
  
• Office of Innovation & Technology
  

Security Monitoring, Intrusion Detection, Incident Response and Forensics (audit):

• Security monitoring consolidation of disparate security devices (firewalls, syslog, IPSs, etc.) via a Security Information Management Product.
  
• Incident Response Planning.
  
• Audit a representative sample of VPN account information for justification and current usage or access reporting.
  
• Audit a representative sample of established VLAN’s information for justification and current usage or access reporting.
  
• Review existing security monitoring, IPS, and incident response plans for effectiveness.
  

Physical and OS Security(audit):

• Audit and review all servers to confirm no unauthorized access to equipment, locations, or software.
  
• Review access procedures for equipment.
  
• Confirm all software updates are current across network, Operating System, and Firewall equipment.
  
• Confirm common hardening is in place.
  
• Map network interfaces to policy zones.
  
• Access network equipment for vulnerabilities out to the edge.
  
• Audit and review all servers in the DMZ and validate DMZ structure and protocols.
  

Vulnerability Assessments and Penetration Testing (create, audit and test):

• Identify vulnerabilities that may exist through misconfiguration or poor security practice.
  
• Provide an initial in-depth and rapid assessment of the effectiveness of deployed security controls.
  
• Perform internal network and/or perimeter tests of key systems and networks segments.
  
• Security engineers will work to penetrate PWD’s target environment to the extent desired.
  
• Wireless network evaluation to identify rogue and/or improperly configured wireless access points.
  
• Data loss prevention (confirm no sensitive or private information is sent from the Network (City Net), and or file sharing or file copying activities.
  

Skills/Experience REQUIRED of the Assigned Staff:

• Security risk assessment certification, e.g. Certification Information Systems Auditor or an approved equivalent.
  
• Security Engineering
  
• Firewall Development
  
• Vulnerability Assessment
  
• Penetration Testing
  
• Internet Security Engineering
  
• Security engineering (security testing, code reviews to create security architecture and threat models).
  
• Network and endpoint forensics (IPS, proxy, web filtering, email filtering, firewall, APT detection).
  
• Vulnerability analysis and penetration testing (identification of potential security holes and closing them off).
  
• Security information and event management analysis (monitors and gathers activity details occurring on the network).
  
• Application security (code review, white box testing, black box testing and all three requires different kind of skill sets).
  
• Server security (web server, application server, database servers).
  
• Data security (encryption, DRM, tokenization, compliance, data classification and policies and so forth).
  
• Excellent communication and documentation skills using MS suite of products (Word, Excel, PowerPoint Visio, Project, etc.)
  

"If you are: bright, motivated, skilled, a difference-maker, able to get things done, work with minimum direction, enthusiastic, a thinker, able to juggle and multi-task, communicate effectively, and lead, then we would like to hear from you. We need exceptionally capable people for this role for our client, so get back to us and tell us why you think you are a fit."

About Us:

Since 2000, Tri-Force Consulting Services () has been an MBE/SDB certified IT Consulting firm in the Philadelphia region. Tri-Force specializes in IT staffing, software development (web and mobile apps), systems integration, data analytics, system automation, cybersecurity, and cloud technology solutions for government and commercial clients. Tri-Force works with clients to overcome obstacles such as increasing productivity, increasing efficiencies through automation, and lowering costs. Our clients benefit from our three distinguishing core values: integrity, diligence, and technological excellence. Tri-Force is a six-time winner among the fastest-growing companies in Philadelphia and a four-time winner on the Inc. 5000 list of the nation's fastest-growing companies.