Security Operations Center Analyst

Position Overview:

  1. Resolve, escalate, report and raise recommendations for the resolution and remediation of security incidents.
  2. Advanced monitoring of system logs, SIEM tools and network traffic for unusual or suspicious activity.
  3. SIEM (Security Information and Event Management):
    – Setting up various SIEM solutions and troubleshooting connectivity issues.
    – Investigate and resolve security violations by providing postmortem analysis to illuminate the issues and possible solutions.
    – Collate security incident and event data to produce monthly exception and management reports.
    – Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
    – Develop and maintain documentation for security systems and procedures.
    – Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach.

Requirements:

Bachelor’s degree preferred
1-3 years of experience in security and system/network operations
CISSP, CCSP, or other security-related certifications preferred.
Ability to work with the client’s IT / security teams and at director level.

IT Security Specialist

Position Overview:

We are looking for a talented information security ninja with expertise in information security infrastructure and incident response.
In this position you will perform a variety of tasks, including monitoring security incidents; designing, deploying and maintaining information security infrastructure; and responding to cyber threats.

Requirements:

– At least 3 years of experience in information security (setting up and maintaining security systems including data loss prevention, NAC, anti-virus, log management, etc.)
– Hands-on experience in managing IT systems (operating systems, networking, virtualization, DB, etc.)
– Experience with complex IT environments and various system solutions
– Knowledge of Windows and Linux systems
– Scripting skills
– Experience with SIEM / security analytics platforms – significant advantage
– Experience with cloud security – Advantage
– Experience with penetration testing – Advantage
– Great team player
– Able to work under pressure
– Self-driven and quick learner
– English – High level, both written and verbal
– Project management skills – advantage

Information Security Architect

Position Overview:

  1. Deploy, manage and maintain all security systems, such as IPS, WAF / database / XML firewalls, vulnerability assessment and hardening compliance controls, etc.
  2. Security planning & integration: detect security weaknesses within the infrastructure and provide the right technical controls in order to mitigate the risks.
  3. Create and re-configure SIEM alerts according to the security violations and events from the relevant systems.
  4. Assess the need for any security re-configurations (minor or significant) and execute as required.
  5. Seek out new security solutions / technologies.
  6. Ensure the IT environment conforms to all the company’s regulations and information security best practices.

Minimum Qualifications:

5+ years of hands-on information security experience.

Experience with implementing and managing Network Firewalls, IDS/IPS, Web content filters, NAC, WAF, DB-FW.

In-depth understanding of SIEM technology, incident handling, configuring new rules, and fine-tuning the existing rules.

In-depth understanding of IP networking, well-known TCP/IP protocols, network segmentation and network security-related technologies.

In-depth technical knowledge of IT operating systems.

Strong organisational skills and excellent attention to detail.

Ability to effectively prioritize and execute tasks.

On-call security support as needed.

Offensive Security Researcher

Department Overview:

We are looking for an Offensive Security Researcher to work across complex systems and technologies.

Position Overview:

– You will need to use creativity and fast learning abilities
– You will work within a small and highly technical team
– You will be a team member in our new & innovative product group.

Minimum Qualifications:

– At least 3 years of experience in cyber security research in the following fields:
  – Static/dynamic reverse engineering & vulnerability research on different architectures (ARM/MIPS/x86/x64, etc.)
  – Embedded/IoT systems vulnerability research (chipsets/microcontrollers/SoC, etc.)
  – Proprietary protocol analysis and vulnerability research
  – Fuzzing techniques & approaches
– In-depth knowledge of Linux-based operating system internals.
– B.Sc. in Computer Science / Software Engineering, or graduate of an elite intelligence corps course (Talpiot, ARAM, Acham, Silan) – advantage.
– In-depth knowledge of web engines/protocols – advantage

International Sales Manager

Position Overview:

We are looking for an International Cyber Sales Manager to build and develop a large network and lead the overseas activity.

Responsibilities:

  • Manage, develop and promote the company’s solutions & services in Europe and across the globe.
  • Define the go-to-market plan based on target market research.
  • Develop direct and indirect channels.
  • Evaluate the needs of existing and potential clients and transform them into sales opportunities.
  • Prepare, present, and negotiate financial and technical proposals to both existing and potential clients.
  • Handle after-sales customer support to ensure customer satisfaction.
  • Responsible to internal management for the total profitability of the company’s activity in the region.
  • Represent the local company and its values in its relationships with major clients, suppliers, and professional bodies.

Must Have:

– Experience in selling Cyber Security Solutions/Services – a must
– Experience working with International Channel Partners/VARS – a must
– Entrepreneurial/Self Starter personality
– Team player who knows how to leverage resources effectively and efficiently
– Effective written and verbal communications skills

Senior Penetration Tester

Join a team of super technological Ninjas!

Responsibilities:

  • Conduct ongoing penetration testing for our clients – infrastructure, mobile app, web applications.
  • Interpret vulnerabilities, identify weaknesses, exploit them. Report the security findings in a clear and concise manner.
  • Plan and automate tests for validating various attack vectors – for continuous testing.
  • Keep up-to-date with tools, countermeasures, threats, & technologies.

Requirements:

  • At least 2 years of experience as a penetration tester
  • Holds one of the following certifications: OSCP/CRTE/OSCE/OSWA
  • An individual who is a team player, an out-of-the-box thinker and creative
  • Ability to communicate with C-level, technical, & non-technical audiences.

Front End Developer

Position Overview:

We are building a new SaaS platform to collaborate with and engage highly skilled cyber professionals around the globe.
We are looking for a front-end developer!
As part of the core development team, you will be responsible for front-end and some back-end development.
You will implement the front end of a state-of-the-art, secured SaaS platform.
You will have the opportunity to participate in all product life cycles in a startup atmosphere.

Requirements:

Passionate about WEB technologies
Pixel-perfect fanatic!
3 years of experience as a FE software developer
At least 2 years of experience with JavaScript, TypeScript, CSS3/HTML5
Experience with React or another front-end framework (Angular, Vue)
Motivated, fast learner, and can-do approach
A portfolio is recommended!


To serve and response

A recent cyber-attack on a government office led our incident responders to defuse a challenging cyber event, where creative, outside-of-the-box thinking was needed in order to eliminate the threat.

This is how it played out:

8:42 pm

A customer calls our incident response hotline to report weird logs coming out of their DLP products. Our response team rapidly establishes a secure remote connection in order to see what’s going on.

A quick overview indicates data exfiltration activity, although in a very low volume. Further investigation leads our team to inspect network traffic while searching for suspicious activity.

10:22 pm

A dubious client-server communication is spotted, where the client is located within the network and the server is outside. An IP geolocation investigation points to a server that is in fact in a different country. At this point, our team decides to install internal tools on the suspicious endpoint in order to gain better visibility, while maintaining zero interruptions on the attacker’s activity.

11:07 pm

It is now clear that we are dealing with a sophisticated attacker who has managed to bypass almost every control the office has to offer. After a successful lateral movement, he’s gained access to several endpoints across the organization.

12:15 am

After informing the management team on the customer side, we begin to take action. The first step is to implement honeypots so that we can learn about the attacker’s techniques and the tools he’s using. This is a great success – the attacker fell for almost every honeypot we deployed.

The next step is to use the credentials he’s using to communicate with his servers and evaluate what information he’s gained access to so far so that we can later on destroy it.

Finally, the last step is to stop his malicious activity using tools like Cynet and others.

2 days later

Our team heads over to the customer site in order to brief everyone at the office on the chain of events, including our successful incident response activity.


Your vital signs’ monitor may need critical care

Hospitals around the globe rely on many types of medical devices to deliver the most up-to-date patient care. They also spend hundreds of millions of dollars in backup systems, redundancy, and business continuity to ensure the 100%-functionality of these systems, which are critical to saving lives.

Doctors and nurses rely on these devices on a daily basis, as it allows them to focus on the challenges and complexities that require their human expertise. But there is a scenario that no medical professional is prepared for during their training, and something that is often overlooked by hospitals. That is – how safe are medical devices in the face of a cyber-attack?

This case study will examine how a major hack on a hospital’s medical monitoring technology can directly affect patients’ lives.

Patient monitoring devices provide a snapshot of a patient’s health status, including a full vital signs’ analysis, like heart rate, temperature, blood oxygen levels, etc. This allows medical staff to quickly evaluate the patient’s status.

Samples can be taken every few hours, or, in cases where patients are being monitored consistently, a staff member can observe several patients at once from the nurses’ station. If the monitor detects a deviation from the normal level of measurement, an alarm goes off at the nurses’ station, prompting the staff to check on the patient.

Recently, a known monitor manufacturer asked BugSec to conduct a security product evaluation. We quickly discovered that the communication channel between the monitoring devices and the reporting unit at the nurses’ station was based on a simple radio frequency (RF) protocol, which would allow us to freely receive and transmit data over the channel with the right tools.

After sketching an attack surface, we decided to go with this approach. We connected the monitor to a live person and measured his signs. We also set up a mock nurses’ station with screens showing data from the demo patient.

During the simulated attack, we used sophisticated tools to pick up the frequency that the device was transmitting on. After learning how every sign is interpreted by the system, we started playing around with it a bit and managed to transmit different messages on the same pattern, causing the device to relay false patient data to the nurses’ station. This, of course, is a serious vulnerability, not only due to the impact on patients’ lives, but also because hospitals are a public space and the ease of access by a malicious party is so great.

We immediately reported the vulnerability to the manufacturer, including our recommendations on how to mitigate the threat, and they were able to immediately stop the false transmission.
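The weakness in the case above is that the nurses’ station trusts any frame that arrives on the RF channel. The following added example (not BugSec’s code, and not the vendor’s real protocol; the frame layout, the shared key and the sample readings are all constructed assumptions) contrasts a receiver with that weak design against one that authenticates each frame with a per-monitor HMAC and a monotonic sequence counter, so that forged and replayed readings are dropped before they reach the display:

```python
import hashlib
import hmac
import struct

# Constructed frame layout (assumption, not a real vendor format):
# monitor id (2 bytes), sequence counter (4), heart rate (1), SpO2 (1), temperature x10 (2), tag (16)
HDR = struct.Struct(">HIBBH")
TAG_LEN = 16


def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(key, monitor_id, seq, hr, spo2, temp_x10):
    """Monitor side: readings plus a keyed tag over the whole body."""
    body = HDR.pack(monitor_id, seq, hr, spo2, temp_x10)
    return body + _tag(key, body)


def parse_unauthenticated(frame):
    """Weak design from the case study: whoever transmits on the frequency is trusted."""
    monitor_id, seq, hr, spo2, temp_x10 = HDR.unpack(frame[:HDR.size])
    return {"monitor": monitor_id, "seq": seq, "hr": hr, "spo2": spo2, "temp": temp_x10 / 10}


class AuthenticatedStation:
    """Nurses'-station receiver that only accepts keyed, fresh frames from known monitors."""

    def __init__(self, keys):
        self.keys = keys        # monitor id -> shared key (provisioned out of band)
        self.last_seq = {}      # highest accepted counter per monitor

    def receive(self, frame):
        """Returns the parsed reading, or None if the frame is unknown, forged or replayed."""
        if len(frame) != HDR.size + TAG_LEN:
            return None
        body, tag = frame[:HDR.size], frame[HDR.size:]
        monitor_id, seq, hr, spo2, temp_x10 = HDR.unpack(body)
        key = self.keys.get(monitor_id)
        if key is None:
            return None                                   # unknown monitor id
        if not hmac.compare_digest(tag, _tag(key, body)):
            return None                                   # wrong key: forged or corrupted
        if seq <= self.last_seq.get(monitor_id, -1):
            return None                                   # counter not advancing: replay
        self.last_seq[monitor_id] = seq
        return {"monitor": monitor_id, "seq": seq, "hr": hr, "spo2": spo2, "temp": temp_x10 / 10}
```

A real deployment would also need key provisioning per device and a counter that survives monitor restarts; the point here is that the station verifies origin and freshness instead of trusting the air.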


Elevated attack

How vulnerable can a building guard’s desktop be? Really, it should only be allowed to access the automatic doors controls and maybe a game of Solitaire, right? Think again.

Several months ago, a major real estate company asked BugSec to conduct an external takeover of their IT system. This provides the company with a comprehensive view of various areas of exposure that they might have, which can be taken advantage of by malicious parties. All discoveries were of course reported to the customer.

We began our reconnaissance on a famous office building. A quick look at the guard station revealed that a vulnerable computer operating system had been installed, which was a possible entry point. An additional search of the premises led us to an exposed Ethernet outlet, and like good white hat hackers, we decided to plug in.

Once we were in, we managed to bypass the NAC system and gain access to a local IP address. A quick asset scan revealed that this was the guard’s station endpoint, which wasn’t even concealed, as it was called “GUARD-PC”. We were able to exploit the previously discovered vulnerability on this endpoint to get a remote shell on the Guard PC, and from that point we were inside the system.

Moving onto the next stage towards privilege escalation, it took about 15 minutes until we had accessed the domain admin. For many ethical hackers, this would have been the jackpot and they would have called it a wrap. But our team was just warming up.

We decided to manipulate the building’s digital signage system, changing the direction of arrows, switching between corporate names and floors, and adding fictional names and signage, like “Dr. Smith – to the right.”

We continued probing until we gained control of the elevators. We were able to stop and restart them, lock people inside, and perform many other operations that would be quite worrisome if carried out by a real hacker.

All issues were reported fully to the customer, who was both surprised by the gaps in their system and happy to have us on their side in order to resolve the issues.