Leader, Security
Cisco
Application window is extended till 10/27/2024.
Existing or previous Government Security Clearance is required with ability to obtain TS/SCI.
Work must be completed onsite in a secure space at our RTP office. No Hybrid or Remote.
Who we are:
Ciscos Security Visibility and Incident Command (SVIC) forms part of the investigative branch of Ciscos Security and Trust Organization (S&TO) and is Ciscos cyber investigations and forensics team. It provides Cisco with tailored security monitoring services in order to protect Cisco from cyber-attacks and the loss of its intellectual assets. The primary mission of SVIC is to help ensure company, system, and data preservation by performing comprehensive investigations into computer security incidents, and to give to the prevention of such incidents by engaging in dedicated threat assessment, mitigation planning, incident trend analysis, and security architecture review.
Who you ll work with:
The Security Visibility and Incident Command is a highly-functioning, diverse, and globally distributed group of best-in-class professionals from various technical backgrounds. Were Open-Source Software contributors, technical authors, tool builders, DFIR community members, lock pickers, makers, and breakers.
Who you Are:
SVIC is looking for an experienced security professional Leader to join the Computer Security Incident Response Team. This is an opportunity to contribute to a highly transparent security operations function with global impact upon Cisco, its diversified business, business units, service ventures, partners, and customers. We are looking for a motivated individual with good team fit and the ability to focus on data security and incident analysis. You have a very strong interest in complex problem solving, ability to challenge assumptions, consider alternative perspectives, nimble thinking and perform in high-stress situations, while operating exceedingly well in a strong, tight-knit, collaborative team environment.
What you ll do :
Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
Assist with setup and tuning of multiple security monitoring products and data feeds
Collaborate with data source SMEs in SVIC and InfoSec to enhance, improve, or modify cloud (IaaS, SaaS, etc) based security detection and response.
Update, modify, and enhance existing programs used for security detection and response.
Develop documentation on all custom solutions.
Identify attackers and their methods, but also use your IT and networking expertise to improve detection logic.
Occasional travel (<10%)
Attack Analysis:
Attacker Tools, TTPs
Log Analysis (System, Firewall, Application
Cyber Threat Intelligence:
Threat Hunting
Intelligence Analysis
Attacker Methodology
Industry Peer Collaboration & Information Sharing
Incident/Investigations Handling:
CyberSecurity Impact Assessment
CyberSecurity Problem Management
Automation/SOAR
Root Cause ID / LTF
Minimum Qualifications-
6 years of Cybersecurity or IT security related work experience.
Python scripting/coding experience
Experience with any three or more of the following tools: Splunk, CSE(AMP4E), Network AMP, WSA, Firepower IPS, NGFW, ESA, CTA, Threat-Grid, Stealthwatch, Umbrella, SecureX, OSQuery, Threat-Quotient, MISP, Recorded-Future, Volatility, Powershell, Wireshark, Encase, Tableau, TheHive
Must have Experience with Log Analysis (System, Firewall, Application)
Preferred Qualifications-
Good technical skills in a variety of operating system, languages, and databases
Experience with any of the following – Go, Java, JavaScript, SQL, MySQL, STIX/TAXII, MITRE ATT&CK
Certifications GSEC, GCIA, GISF, GCED, GCFA, GCFE, GREM, GCTI, GASF, GCEH, CISSP, CCSP OR SSCP
Cloud experience with AWS or Azure.
Agility and willingness to deal with a high level of ambiguity and change
Flexibility – willingness to pitch in where needed across program and team
Why Cisco?
Were global, were adaptable, were diverse, and our security portfolio is as extensive as it is groundbreaking. Have you heard of Threat, Detection & Response, Zero Trust by Duo, Common Services Engineering, or Cloud & Network Security? Those are only a few of our product teams! The only thing were missing is YOU.
Join an enterprise security leader with a start-up culture, committed to driving innovation and giving you the opportunity to make an impact. We #InnovateToWin and we know were better together, thats why were dedicated to inclusivity, collaboration, and diversity in everything we do.
Were proud to be the Best Small and Mid-Size Enterprises Security Solution Cisco Secure continues to grow and evolve year after year with 100% of Fortune 100 Companies using our products, and were excited to see the new heights well reach with your passion for security, your customer focus, and your desire to change things up!
There are so many amazing reasons to join Cisco. Learn more [1] here!
#STO25
References
Visible links
1. https://www.cisco.com/c/en/us/about/careers/we-are-cisco.html
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.