IT Security Baseline (Observability & AIOps) Consultant

1. Objective

Develop a security baseline checklist for each Observability & AIOps application aligned with the Secure Baseline Standard (SBS)

Build automated scripts to continuously validate compliance and detect configuration drift from approved security baselines.

2. Scope of Work

Applicable to all Observability products registered under IT Asset Management:

Broadcom DX UIM, Elasticsearch, SolarWinds, Cisco AppDynamics, IR Prognosis, Logstash, Grafana, Kibana, SendQuick.

Covers Production and DR environments as per SBS scope (UAT/SIT excluded due to isolated/non‑sensitive nature).

Out of scope: OS patching, malware defences, or platform-level security controls.

3. Deliverables

3.1 Security Baseline Checklists (per Application)

Develop a product‑specific checklist mapping all required CIS controls (Data Protection, Configuration, Account Management, Access, Audit Logging, Software Security).

Document required configuration parameters such as:

ACLs and RBAC definitions

TLS/HTTPS requirements

Data encryption parameters

Default account removal

Plugin/service disablement

DNS hardening settings

Logging and NTP/time‑sync requirements

Secrets management controls

Approved components and environment segregation requirements

3.2 Automated Compliance & Drift‑Detection Scripts

Build custom scripts (from scratch) for each application to validate compliance against the baseline checklist.

Script functions include:

Verification of security‑critical configuration files and parameters

Detection of unauthorized services or plugins

Validation of encryption settings for data in transit and at rest

Checks for stale user or service accounts

Verification of RBAC permissions against approved roles

Confirmation of correct DNS, logging, and time‑sync settings

Scripts generate compliance reports and flag deviations for remediation.

3.3 Integration with Existing Processes

Align script output and reporting with SCM periodic review cadence.

Enable plug‑in alignment with existing monitoring or AIOps dashboards where applicable.

4. Approach & Methodology

Assessment Phase: Analyse each product’s architecture, deployment model, and security requirements.

Script Design & Build: Develop modular, reusable, and environment‑appropriate scripts for each tool.

Validation & Testing: Execute scripts in DR and Prod environments; refine based on operational results.

Handover & Documentation: Deliver runbooks, baseline documentation, and script maintenance guides.

5. Expected Outcomes

Consistent, auditable security posture across all Observability & AIOps platforms.

Elimination of configuration drift through automated, repeatable validation checks.

Improved compliance with Bank-wide security standards and regulatory expectations.

Reduction in operational risk through early detection of misconfigurations and deviations.

Skills/Requirement:
Education & Experience

• Bachelor’s degree in information security, Computer Science, Engineering, or related field.
• 3–7 years of experience in IT Security operations, observability & AIOps platforms.
• Experience in developing security baseline checklist for Observability & AIOps.
• Previous experience in Broadcom DX UIM, Elasticsearch, SolarWinds, Cisco AppDynamics, IR Prognosis, Logstash, Grafana, Kibana, SendQuick.

Technical Skills

• Strong knowledge of operating systems (Windows, Linux, Unix) and their hardening practices.

Soft Skills

• Strong analytical and problem-solving abilities.
• Excellent communication skills for cross-team collaboration.
• Ability to work independently and manage multiple priorities.
• Strong attention to detail with a focus on accuracy and quality.

Interested candidates, who wish to apply for the above position, please send in your resume [email protected] 

We regret to inform that only shortlisted candidates will be contacted

PERSOL Singapore Pte Ltd EA License No. 01C4394 EA Reg No: R24123179 (Ajay Sharma)

By sending us your personal data and curriculum vitae (CV), you are deemed to consent to PERSOL Singapore Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.persolsingapore.com/policies. You acknowledge that you have read, understood, and agree with the Privacy Policy.