Cybersecurity & Privacy
Understanding the security risk posture and privacy needs of information assets is a challenge for many organizations. Technalink uncovers system and data protection gaps for assessment, remediates vulnerabilities, and mitigates risks to stay ahead of changing threat factors that leave organizations vulnerable to attacks.
Our suite of complementary cybersecurity & privacy services strengthens every aspect of your organization and safeguards against advanced threats. Technalink holds GSA SIN 54151HACS contract delivering cybersecurity services to Federal agencies in all five cybersecurity subcategories: Risk and Vulnerability Assessment (RVA), Security Architecture Review (SAR), Systems Security Engineering (SSE), Incident Response, and Cyber Hunt.
Security Architecture and Engineering
- Architect, plan, design and implement Zero Trust identity protection solutions with identity access management (IAM) and Privileged Access Management (PAM) tools.
- Create a Master User Record (MUR) to enforce Zero Trust user access and authorization policies by integrating SailPoint and CyberArk Continuous Diagnostic Mitigation (CDM) tools with identity management systems.
- Engineer and implement endpoint detection and response (EDR) CDM devices including Carbon Black to discover, monitor, and block active threats to assets.
- Evaluate, architect, and implement Zero Trust network solutions to validate and enforce access control policies for application web sessions and endpoint devices.
24/7 SOC Security Analyst and Incident Response
- Monitor and analyze security events and alerts from Security Information Event Management (SIEM) dashboards, network sensors, data stores, and endpoint logs.
- Capture event logs from edge network data sources to create a Common Information Model (CIM) using Elasticsearch and Splunk tools to normalize, analyze, visualize correlated data within CDM dashboards to locate and track attacks.
- Build incident response program playbooks using MITRE ATT&CK Framework methods to recognize adversarial tactics, techniques, and procedures (TTPs).
- Conduct cyber hunt campaigns to locate asset exposure to current cybersecurity threats and configure dashboard alerts to recognize future threat patterns.
Risk & Vulnerability Assessment
- Conduct risk assessments Evaluate proper functioning of systems security & privacy controls to meet FISMA compliance requirements.
- Automate and correlate vulnerability assessment scans using MS Excel macros to measure risks and threats to high value assets (HVAs) using Nessus, Fortify, WebInspect, and DbProtect scan tools.
- Provide dedicated ISSO support resources to maintain and update ATOs, POA&Ms, and conduct risk assessments.
- Develop Risk Management Framework (RMF) system security plans (SSP) to categorize, implement, assess, authorize, and monitor security and privacy controls.
Privacy Compliance & Engineering
- Develop, update, and evaluate privacy risks using PTA, PIA, and SORN documentation to meet FISMA and NARA privacy compliance needs.
- Engineer and implement privacy control policies to meet privacy impacts throughout SDLC to inventory, classify, label, and track privacy data throughout the enterprise.
- Manage privacy protections for personally identifiable information (PII) and Protected Health Information (PHI) throughout data lifecycle and authorized release.
- Evaluate and implement microservices tools to enhance security throughout the software development lifecycle (SDLC) using automated processes that optimize efficiency, reduce administration burden, and control DevSecOps costs.
- Identify privacy risks and apply Privacy by Design (PbD) principles into DevSecOps pipelines using Privacy-As-Code (PaC) engineering techniques.
- Configure DevSecOps security design and testing tools to enable threat modeling, secure code quality assurance (SQA), static and dynamic analysis security testing (SAST/DAST), and container security.
- Implement continuous authority to operate (C-ATO) processes to quickly mitigate risks from delivery feature changes, environmental changes, and evolving security threats.