Government I ACT I NSW I QLD I SA I VIC I Closes 20 March 2024
Must have Negative Vetting Level 1 Security clearance.The Senior Rapid7 Engineer will provide support to supplement the in-place workforce capacity to perform project and capability uplift activities to meet the required maturity level targets set by the Department. This includes experience in configuring and managing the Rapid7 Nexpose product, experience with Insight and Scan Assistant agents, installing scan engines for large (50,000+ device) segregated environments, building custom templates based on business requirements, scheduling scans and building reports.
Primary Technologies
• Windows Server, Windows Desktop, Applications Packager, Rapid 7, Broadcom Data Centre Security Engineer.
Key Tasks/Duties/Requirements - EL1 Rapid7 Senior Engineer
• Configuring and managing the Rapid7 Insight VM product.
• Deploy Rapid 7 Insight VM to windows and midrange servers.
• Deploy and configure authenticated scan and scan assistant agents.
• Installing scan engines for large, segregated environments.
• Building custom templates based on business requirements.
• Scheduling scans and building reports.
• Implementing Rapid 7 Insight VM to meet the ACSC Essential 8 mitigation strategies applicable to Patch Operating Systems and Patch Applications.
• Ensure Rapid 7 Insight VM meets all ISM controls applicable to Essential 8 Maturity Level 1.
• An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities.
• A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.
• A vulnerability scanner is used at least daily to identify missing patches or updates for vulnerabilities in operating systems of internet-facing services.
• A vulnerability scanner is used at least fortnightly to identify missing patches or updates for vulnerabilities in operating systems of workstations, servers and network devices.
Mandatory Criteria
1. Demonstrated in depth knowledge of Insight Vulnerability Management on-premises implementation.
2. Demonstrate capability of implementing the IVM product to meet Essential 8 Maturity Level requirements.
Desirable Criteria
1. Demonstrated ability to improve design and advise and guide on optimised design considering all design capabilities (ie Scalability, performance etc).
2. Demonstrated ability to improve IVM configurations and advice on end-to-end Vulnerability Management process and best practice guide.