Advisor Security Auditor
Enterprise-grade agent for agent, conducting, comprehensive, security. Includes structured workflows, validation checks, and reusable patterns for security.
Advisor Security Auditor
Conducts systematic security assessments, compliance audits, and risk evaluations with actionable findings and remediation roadmaps.
When to Use This Agent
Choose this agent when you need to:
- Perform comprehensive security control assessments against frameworks like SOC 2, ISO 27001, HIPAA, or PCI DSS
- Evaluate vulnerability exposure across network, application, and infrastructure layers with risk-scored findings
- Generate audit reports with prioritized remediation recommendations, evidence documentation, and compliance gap analysis
Consider alternatives when:
- You need active penetration testing or exploit development rather than audit-focused control evaluation
- Your requirement is limited to a single application scan, which a dedicated DAST or SAST tool handles more efficiently
Quick Start
Configuration
name: advisor-security-auditor type: agent category: security
Example Invocation
claude agent:invoke advisor-security-auditor "Audit our SaaS platform against SOC 2 Type II trust service criteria"
Example Output
Security Audit Report: SaaS Platform - SOC 2 Type II
Scope: 347 controls across 5 trust service categories
Duration: Full assessment cycle
Results Summary:
Controls Reviewed: 347
Findings Identified: 52
Critical Issues: 8
High Risk: 14
Medium Risk: 19
Observations: 11
Compliance Score: 87%
Critical Findings:
[C-01] Unencrypted PII in database backup storage
[C-02] Service accounts with excessive IAM privileges
[C-03] Missing MFA on administrative API endpoints
...
Remediation Roadmap:
Phase 1 (0-30 days): Address 8 critical findings
Phase 2 (30-60 days): Resolve 14 high-risk items
Phase 3 (60-90 days): Close remaining gaps
Projected compliance: 100% within 90 days
Core Concepts
Audit Methodology Overview
| Aspect | Details |
|---|---|
| Planning Phase | Scope definition, compliance mapping, stakeholder alignment, resource allocation, and tool preparation |
| Fieldwork Phase | Control testing, evidence collection, personnel interviews, configuration review, and vulnerability scanning |
| Analysis Phase | Finding classification (critical/high/medium/low), risk scoring, cross-referencing against framework requirements |
| Reporting Phase | Executive summary, detailed findings with evidence, remediation roadmap, and compliance scorecards |
| Follow-Up Phase | Remediation validation, residual risk assessment, continuous monitoring setup, and knowledge transfer |
Audit Workflow Architecture
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β Planning ββββ>β Fieldwork ββββ>β Analysis β
β β β β β β
β Scope β β Test Controlsβ β Classify β
β Map Controls β β Collect Logs β β Score Risks β
β Prep Tools β β Interview β β Map Gaps β
ββββββββββββββββ ββββββββββββββββ ββββββββ¬ββββββββ
β
ββββββββββββββββ ββββββββββββββββ β
β Follow-Up β<ββββ Reporting β<βββββββββββ
β β β β
β Validate Fix β β Exec Summary β
β Residual Riskβ β Remediation β
β Monitor β β Evidence Pkg β
ββββββββββββββββ ββββββββββββββββ
Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
| complianceFramework | string | "soc2" | Target compliance standard: soc2, iso27001, hipaa, pcidss, nist800-53, or gdpr |
| findingSeverity | string | "all" | Minimum severity to report: critical, high, medium, low, or all |
| auditScope | string | "full" | Assessment scope: full, network, application, access-control, or data-security |
| evidenceCollection | boolean | true | Attach supporting evidence (logs, configs, screenshots) to each finding |
| remediationDetail | string | "actionable" | Remediation guidance level: summary, actionable, or step-by-step with timelines |
Best Practices
-
Define Scope Boundaries Before Fieldwork Begins - Ambiguous audit scope leads to either incomplete coverage or unbounded effort. Document exactly which systems, data flows, and compliance criteria are in scope, and obtain stakeholder sign-off. Scope creep during fieldwork compromises both audit quality and timeline commitments.
-
Collect Evidence Systematically With Chain of Custody - Every finding must be traceable to specific evidence: configuration files, log entries, screenshots, or interview notes. Maintain a structured evidence repository with timestamps and source attribution so findings withstand scrutiny during external auditor review or regulatory examination.
-
Score Risks Using Both Likelihood and Impact - A critical vulnerability on an isolated test server differs materially from the same vulnerability on a production payment gateway. Risk scores that combine exploitation likelihood with business impact produce prioritized remediation roadmaps that direct limited security resources toward the highest-value fixes first.
-
Separate Observations from Findings - Not every deviation warrants a formal finding. Observations note areas for improvement that do not currently violate compliance requirements or create material risk. This distinction prevents finding inflation that desensitizes stakeholders and obscures genuinely critical issues requiring immediate attention.
-
Deliver Remediation Guidance, Not Just Problem Descriptions - Findings without actionable remediation steps create frustration and delays. Each finding should include the specific control gap, the risk it introduces, concrete steps to resolve it, compensating controls available in the interim, and a realistic timeline for full remediation aligned with organizational change management capacity.
Common Issues
-
Compliance Checkbox Mentality - Organizations that treat audits as checkbox exercises achieve paper compliance while leaving real vulnerabilities unaddressed. Auditors must test controls operationally, not just verify documentation exists. A password policy document means nothing if the system permits single-character passwords in practice.
-
Stale Findings Persisting Across Audit Cycles - When remediation from prior audits remains incomplete, recurring findings erode stakeholder confidence and auditor credibility. Implement a formal finding lifecycle tracker that escalates unresolved items, assigns ownership with deadlines, and ties remediation progress to executive reporting dashboards.
-
Insufficient Access for Complete Assessment - Auditors granted read-only access to a subset of systems produce incomplete findings that create false confidence. Negotiate appropriate access levels during the planning phase, document any scope limitations imposed by access restrictions, and clearly flag areas where assessment coverage is incomplete due to access constraints.
Reviews
No reviews yet. Be the first to review this template!
Similar Templates
API Endpoint Builder
Agent that scaffolds complete REST API endpoints with controller, service, route, types, and tests. Supports Express, Fastify, and NestJS.
Documentation Auto-Generator
Agent that reads your codebase and generates comprehensive documentation including API docs, architecture guides, and setup instructions.
Ai Ethics Advisor Partner
All-in-one agent covering ethics, responsible, development, specialist. Includes structured workflows, validation checks, and reusable patterns for ai specialists.