Database Security & Hardening Specialist

• Company Introduction: We are a healthcare technology company that handles highly sensitive patient data. Our legal and ethical obligations require us to maintain the highest level of data security and comply with regulations like HIPAA.
• The Challenge: We have concerns about the security posture of our databases. We need a professional to conduct a thorough security audit to identify vulnerabilities, implement robust security measures, and ensure compliance with industry standards. The current setup lacks proper access controls, encryption, and audit trails.
• Objective: The goal is to perform a comprehensive security audit of our databases, harden them against potential threats, and establish a security framework that ensures compliance and protects our sensitive data.

• Core Tasks:
  • Conduct a full security audit of our databases (e.g., MySQL, MSSQL), focusing on access controls, permissions, and configuration.
  • Implement data encryption both at rest and in transit.
  • Configure and secure user accounts and roles, enforcing the principle of least privilege.
  • Set up a real-time monitoring and alerting system for suspicious database activities.
  • Develop and implement a comprehensive backup and recovery strategy with a focus on data integrity and security.
  • Provide a support and maintenance plan for ongoing security monitoring and incident response.
  • Generate a detailed report of findings and provide clear, actionable steps for remediation and compliance.

• Technical Expertise:
  • Extensive experience in database security auditing and hardening.
  • Expertise with multiple database systems (e.g., MySQL, PostgreSQL, Microsoft SQL Server).
  • Deep knowledge of data encryption methods, access control lists (ACLs), and compliance standards (e.g., HIPAA, GDPR).
  • Proficiency with security tools for vulnerability scanning and penetration testing.
  • Relevant certifications (e.g., CISSP, CISM, CDPSE) are highly desirable.

• High level of integrity and professional ethics when handling sensitive data.
• Excellent report writing and documentation skills.
• Strong communication skills to explain security risks to both technical and non-technical stakeholders.

• Tangible Outputs:
  • A comprehensive database security audit report.
  • A documented security hardening plan and the implemented changes.
  • A backup and recovery strategy.
  • A final report confirming compliance and security posture.

• Instructions:
  • Submit a cover letter detailing your experience in database security and compliance.
  • Provide a portfolio or case study of a past project.
  • State your hourly rate for this engagement.

Skills

• Technical: Database Security, MySQL, MSSQL, PostgreSQL, Encryption, HIPAA, GDPR, Backup and Recovery, Vulnerability Scanning.
• Soft: Ethics, Documentation, Problem-solving, Communication.