Technical Consulting Engineer @ Cisco

Meet the Team

The Security Operations Center (SOC) Security Investigator is responsible for investigating and responding to security issues within customer environments. Cisco Managed Security Services is looking for a Security Investigator who can analyze security events generated from network analytics, endpoint protection, and other security suites to determine the severity and outcome of any threats detected. The Security Investigator will provide remediation actions to the client based on the impact of these threats up to and including taking proactive responses for high priority events.

You must be able to accurately identify and prioritize events, translate technical solutions for an audience of varying technical knowledge, and make customer impacting recommendations with the goal of ensuring customer satisfaction. l>

Your Impact

• Take ownership of and conduct in-depth investigations into security events
• Document security investigations in a clear and concise manner
• Ensure that incoming client requests are addressed and worked in a timely manner
• Assist clients to address security incidents in an expedited manner
• Proactively hunt for suspicious or malicious activity not detected via automated alerts
• Work as a member of a team to prioritize incoming automated security events based on the impact and urgency of the events
• Provide knowledge sharing with the rest of the team
• Utilize threat intelligence to enrich and qualify security events
• Maintain knowledge of new tactics, techniques and procedures (TTP) in customer verticals
• Identify processes and procedures that are candidates for automation

Minimum Qualifications

• Relevant degree in a technical field (Computer Science / Computer Engineering / Cybersecurity / Computer Networking) or related discipline with 9+ years equivalent experience
• Familiarity with incident handling, incident response frameworks, guidelines, and best practices (NIST, ISO, etc.)
• Passion for IT Security and staying up-to-date with current TTP's
• Experience with threat intelligence and open source threat intelligence
• Knowledge of enterprise network and computer environments and the common protocols and applications in these environments

Preferred Qualifications

• Suggested certifications (OSCP,Sec+, CCIE - Security , CySA+,CCNA CyberOps, GCIH, GCIA, GCFA, GCFE, CEH)
• Working knowledge of Splunk admin and play book tuning
• Familiarity with MITRE ATT&CK framework
• Experience with a scripting/automation language (Python, BASH)