Cyber Security - Stockholm/Remote

Full time
Remote, Sweden
Posted 7 months ago
Job Languages:

English

Our background regarding cyber security

So far, the CATO system has most often been implemented without deep integration with the customer's other systems. Safety requirements are low (SIL0). Cybersecurity has mainly been a matter of ensuring the system's operational availability, reliability and theft protection. A corresponding structure was used in a previous project.

The software system is built in Java, usually with Linux as the OS.

We have so far built according to the following guidelines.

Communication

Administration: Login over SSH – simple authentication

Server to server: SSH tunnels / HTTPS

The server side

We use Ubuntu Linux or RHEL. OS hardening is done according to the Center for Internet Security.

Components containerized with Docker CE.

Development environment

IDE: IntelliJ IDEA

Language: Java / Scala

Version management: Git / GitHub

Build system: Gradle (Groovy)

Build Server: Jenkins (pipelines)

Certificate management: manual

The list of cybersecurity requirements is very detailed, yet the requirements are to some extent open to alternative solutions. Many requirements relate more or less to specific solutions.

They include, for example:

• Aspects of logging access attempts

• Access rights, e.g. for maintenance/troubleshooting

• Authentication

• Login, password

• Encryption

• Control of access to file systems

• Requirements for server functions, firewalls

Scope

Our need for consulting support primarily includes contributing to how we can reasonably meet those requirements.

The company also participates in developing our guidelines for appropriately adapting software and configuration with respect to these requirements. Support from various experts in the field of cybersecurity may be needed because it covers many disciplines.

We feel that the consulting support is mainly about how to adapt the CATO system regarding:

• Credentials; TLS, distribution of certificates

• Use of external services: Active Directory, the company's RADIUS system for authentication

• OS setup/hardening, AppArmor configuration

• Distribution of software

• Logging

• Login, access rights

• Administration

• Vulnerability
