# CSA WAI

The security engineer role includes managing the security posture, identifying and remediating vulnerabilities, performing threat modeling, and implementing threat protection. It helps translate the organization's strategic requirements into actionable improvements in securing its most valuable assets.

## Services to the organization

* Review and implement a wide range of InfoSec paradigms, including:
  * the foundations of risk management
  * implementing processes and controls
  * designing information systems securely
  * managing the day-to-day activities required to ensure security is maintained in the organization
  * auditing and reviewing the threat landscape
* Security reviews and threat modeling
* Security assessments
* Red team
* Purple team
* Blue team
* Tabletop exercises
* Research and development
* Security education and awareness training
* Threat intelligence
* Coordinating with risk management groups and leadership
* Security integration with engineering processes

## Responsibilities

* Cyber security standards
  * NIST CSF, CIS, CISA, Zero Trust, defense in depth
* Determining security requirements by evaluating business strategies
* Researching information security standards
* Application security and vulnerability management
* Providing remediation recommendations for vulnerability findings
* Enforcing best practices
  * Baseline architecture/standards and security controls
    * Cloud
    * On premise
    * Datacenter

## Frameworks

* NIST Cyber Security Framework
* ISO 27001 and ISO 27002

## On-prem network architecture

* Network configurations
  * VPN (GlobalProtect)
  * Cisco firewall
  * Switch configuration
  * VLAN segmentation
  * Segmentation auditing
  * Servers
  * Routers
  * Access points
  * Which topologies we follow
  * Where the datacenters are
  * What the business continuity and DR plan is
  * TCP/IP
  * OSI
  * IPv4
  * IPv6
  * DHCP
  * PAM
  * IPAM
  * SNMP
  * QoS (Cisco wireless)
  * Subnets
  * Network management protocols
  * Routing protocols
  * Security controls
  * SDN
  * Network management
    * Fault
    * Configuration
    * Performance
    * Security
    * Accounting
  * Which topology to use for a continuously changing, hybrid environment?
  * Network downtime management strategies

## Cloud network architecture

## Wireless network architecture

* Secure Wi-Fi
* Guest Wi-Fi
* Wi-Fi protocols
* Attacks on wireless devices

## DevSecOps architecture

* Multi-cloud scenarios
* Automation pipelines
* Application security architecture, enforcing security policies and standards
* Secure development life cycle
* How to enforce application security and get more visibility
  * Logs
  * WAF
  * Load balancer
* Focus on Java and PHP
* Top vulnerabilities
  * IoT
  * OT
  * Web
  * API
* Previously found scenarios
  * XSS
  * SQL injection
  * IDOR
  * SSRF
  * Deserialization (Python, Java, PHP)
  * XXE

## Threat modeling

* New attacks/attack vectors
* Risk assessment with architecture and business practices
* Performing application security design reviews
* New vulnerabilities and exploitation methods
* Attack surface analysis and reduction
* Targeting from
  * External web apps
  * Services
  * Assets
  * Phishing
  * Third party

## Reverse engineering/binary analysis

* Firmware
* Ghidra static analysis
* angr
* BAP
* AFL

## Applications

* Compilers
  * Types of compilers
  * Code changes
* Interpreters

## IoT/embedded systems security

* Best practices
* Secure boot
* Secure debug
* Secure storage
* Secure communication
* Using a digital twin to protect IoT/OT and critical operations
* Anti-debugging and anti-reverse-engineering

## Red team scenarios

* Phishing email (Modiska)
* Subdomain enumeration, `.git`

## Malware analysis

* Ghidra
* How malware evades detection and hides

## Vulnerability management

## Networking

* Fundamentals
* VPN
* IDS
* Routing and switching

## Cloud security

* AWS
* Azure
* GCP

## Data loss prevention

* DLP, AIP

## Automotive standards

* ISO/SAE 21434: <https://www.iso.org/standard/70918.html>, <https://www.sae.org/standards/content/iso/sae21434>
* SAE J3101: <https://www.sae.org/standards/content/j3101_202002/>

## AWS

* S3 buckets: exposure (Grayhat Warfare)
* Lambda
* EC2
* VPC
* AWS CLI
* AWS API Gateway
* Connections from outside the VPC via a VPN
* AWS Inspector: vulnerability analysis; runs automated security assessments on EC2 instances

## Questions

* Different pen testing stages and strategies
* What is threat modeling? How do you conduct and develop threat modeling for external-facing web apps? Mobile applications?
* How to develop threat modeling with reference to PCI DSS standards
* What is a vulnerability?
* How to audit true positives and false positives
* What is vulnerability management and assessment?
* CISA known vulnerabilities list
* Federal department external pentests and scans
* What are the most recent vulnerabilities targeting:
  * Winword
  * Outlook
  * Log4j
* What are the remediation strategies?
* Who are the APT groups, and who targets your industry?

## ASV

* ASN
* Domain reverse/cert/subdomain
* Masscan options
* Nmap

## References

<https://www.microsoft.com/en-us/security/blog/2018/06/06/cybersecurity-reference-architecture-security-for-a-hybrid-enterprise/>

<https://www.cloudflare.com/learning/ssl/why-use-tls-1.3/>

## WAF

* Imperva
* F5

## Most common vulnerabilities

## Responsibilities

## Security operations and engineering

* Develop
* Implement
* Maintenance

## Security controls

* Endpoint detection and response
* SIEM
* Security automation
* Vulnerability management

## Communicate with asset holders and stakeholders

* Inventory management
  * Cloud
  * IoT
  * On prem
* SOAR/SIEM/VM
* Continuous optimization, tuning and monitoring of platforms
* Develop security playbooks
  * Windows OS
  * AD
  * Azure Active Directory
  * Security components
* Log management
  * On prem
  * Cloud logging
  * Heavy forwarders
  * Cloud services logging
  * Reliable log forwarding
* Daily monitoring and health of systems
* Security baseline
* Scripts to retrieve information from and perform actions on Windows systems
* SOAR integrations and API

* Group policies
* DNS
* Load balancing techniques
* SSO
* MFA

