Shanghai, Undisclosed, China
1 day ago
Threat Hunting Analyst

Cisco InfoSec is looking for a full time Information Security Analyst for Cisco's global Computer Security Incident Response Team (CSIRT). CSIRT reduces the risk of loss as a result of security incidents for Cisco-owned businesses. CSIRT regularly engages in proactive threat assessment, mitigation planning, incident detection and response, incident trending with analysis, and security architecture.

CSIRT prefers a college graduate with IT technical experience in one or more of the following fields:

- Network, Systems (Windows or Unix) or Cloud administration (AWS/GCP/Azure)
- Enterprise Identity Management
- Web Application Development
- Security Operations Center incident handling/management/coordination
- SIEM technologies, ideally Splunk
- Detection Engineering Pipeline (and the development of detection rules)
- Data Engineering Pipeline (and the onboarding of data for use in detections)
- Strong understanding of incident response, malicious code/exploits, anti-virus, etc.
- Understanding of computer forensics
- Automation Scripting (Python)
- Threat Intelligence
- Attack Surface Risk Management

QUALIFICATIONS

The successful candidate should have the following qualifications:

- Worked in a high-pressure global SOC environment handling incidents
- Familiar with Windows exploits, malware and malicious code trends
- Willing to work off-hours, including rotational on-call shifts
- Demonstrated interest in and knowledge of security trends and the latest attacker activity
- Hands-on experience with one or more of the following areas:
  - IT Infrastructure services (DNS, Web Servers, Email, etc.)
  - Networking
  - Identity (Active Directory, Okta, Duo, Ping, Azure AD)
  - Cloud Administration (AWS, Azure)
  - Systems Administration (Linux, Windows)
- Familiar with modern cloud applications and technology
- Experience with SIEM tools, e.g. Splunk and ideally Splunk Enterprise Security
- Proven ability to create SIEM detection rules based on the latest threats
- Demonstrated good customer service, communication, and troubleshooting skills

The ideal candidate will have a very strong interest in complex problem solving, the ability to challenge assumptions and consider alternative perspectives, and the ability to think quickly and perform in high-stress situations, while operating exceedingly well in a strong, tight-knit, collaborative team environment.

Education
Degree in IT / CS / MIS / Information Security or equivalent operational experience. Post graduate degrees a plus.


RESPONSIBILITIES

The CSIRT Analyst will sustain and improve the use of network security tools in support of CSIRT's security monitoring and incident response services. CSIRT deploys and supports network IDS, proxy-based malware filtering solutions, host intrusion prevention tools, log management and analysis, device syslog processing, and network traffic inspection tools. CSIRT develops custom integration tools for interfacing with Cisco infrastructure and security tools, and for conducting security investigations.

The core responsibilities of the CSIRT analyst are:

Monitor and Respond to Security Alerts:

Continuously monitor security alerts and incidents using Splunk and other security tools. Perform thorough analysis and investigation of security incidents to determine their scope and impact. Coordinate with other IT and security teams to remediate incidents effectively.


Develop and Implement Detection Strategies:

Create and fine-tune Splunk detections to identify potential security threats and anomalies. Develop and maintain custom detection rules, alerts, and dashboards in Splunk. Ensure detections are comprehensive, accurate, and provide actionable intelligence.


Stay Ahead of Emerging Threats:

Keep up to date with the latest cyber threats, attack vectors, and security trends. Develop and implement new detection techniques to address emerging threats. Conduct regular threat hunting activities to proactively identify potential vulnerabilities.

Technical Skills and Expertise:

Utilize your broad technology skill set to address security challenges across various platforms, including modern cloud environments (e.g., AWS, Azure, Google Cloud). Apply your development skills to create automation scripts and tools to enhance SOC operations. Collaborate with IT and DevOps teams to ensure security is integrated into the development lifecycle.

In addition, the CSIRT Analyst will be accountable for the following:

- Escalate to CSIRT investigators and external support teams to assist in analysis and event resolution.
- Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
- Inform higher-level priorities, improvements and problem resolutions to improve the effectiveness of Cisco CSIRT & InfoSec.
- Constructively challenge and improve existing tools, processes and procedures.
- Assist CSIRT with continued enhancement of Cisco's security tools.
- Develop and execute security controls, defences and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
- Conduct vulnerability assessments of applications, operating systems and/or networks.
- Respond to cybersecurity breaches; identify intrusions and isolate, block and remove unauthorized access.
- Research and evaluate cybersecurity threats and perform root cause analysis.
- Assist in the creation and implementation of security solutions.
- Learn quickly on the job as CSIRT tackles security solutions for various environments and technologies, including cloud technologies, that may be new to you and others on the team.
- Provide information to management regarding the impact on the business caused by theft, destruction, alteration or denial of access to information and systems.

#STO25