Cyber Security Investigator

  • Location:
    Pune, Maharashtra, India
  • Additional Location(s)
    Pune
  • Area of Interest
    Professional Services
  • Job Type
    Professional
  • Technology Interest
    *None
  • Job Id
    1027550
Cisco are always looking to identify talented people. If you are reading this posting then we may not have an open job right now, however it is highly likely we will in the future. If you are interested in working for Cisco in this capacity then please submit your details and CV or resume against this requisition so that when a suitable vacancy arises a Cisco representative can contact you directly.

"What You'll Do

As a Cybersecurity Investigator in the Active Threat Analytics (ATA) SOC, you will use intrusion analysis, anomalous behavior analysis, threat intelligence and emerging data science techniques to find threats as they arrive on the networks we protect. In this senior role, you will be entrusted with advising Clients directly on threats and breaches, and you will lead and mentor Security Analysts and fellow Investigators across our global Team."

"Who You'll Work With
You will work with our global Team of security experts - Investigators, Analysts, Security Engineers, Threat Intelligence and Researchers - to achieve one goal: find the threats and mitigate them using state-of-the-art approaches and techniques like nobody else in the industry can. You will maintain a thorough understanding of the Customer environment and reflect that knowledge in Customer tickets, guidance to staff, and Customer briefings. You will stay up to date on active security threats and events across all industry sectors, including financial, retail, medical, and energy. You will take responsibility for Customer-facing communication during your assigned shift in the SOC, and interact with the global Active Threat Analytics Team using the latest collaboration technologies such as Spark, Webex, Telepresence and Jabber.

The detailed Cybersecurity Investigator tasks include:

* Conduct in-depth investigations into security breaches using all available tools within the Customer environment, at Cisco, and online:
o Review device logs, full packet capture, and all other forms of telemetry, and interpret the data meaningfully
o Conduct online forensic investigations of devices (UNIX, Linux, Windows hosts and mobile platforms)
o Interview personnel to obtain information related to the investigation
* Maintain up-to-date information in a secure case management system
* Identify and advise on incident mitigation actions, using the following tools:
o null routing, Firewall ACL changes, DNS RPZ
o Next-Generation IPS, Web Security and Email Security
o Endpoint and Network Advanced Malware Protection systems
o account disabling and application offlining
* Resolve cases escalated from Security Analysts (either by escalating the ticket to the Customer or by closing it as a false positive)
* Resolve cases dispatched by Customers, maintaining a daily dialog with the Customer until the case is resolved
* Effect resolution by driving coordination across infrastructure, law enforcement, human resources, legal, and lines of business
* Vigilantly protect Customer data, ensuring proper handling and protection electronically, physically, and verbally
* Ensure assigned shift is covered personally or attended by an alternate Investigator
* Share incidents and intelligence via conference presentations, intelligence exchanges, informal mailing lists, and social media
* Mentor Analysts in investigative skills and customer communications
* Maintain quality assurance for all processes
* Conduct threat research to determine how Clients are affected by threats"

"Who You Are

To be successful in the senior role of Cybersecurity Investigator in the ATA SOC, you should have the following skills:
* BA/BS degree with 8-10 years of IT and/or security experience
o Incident Response Team and SOC experience a plus
* Cisco Next-generation IPS product certifications:
o Sourcefire Certified Expert (SFCE) a plus
o Sourcefire AMP Endpoint Specialist a plus
* Industry analyst and incident handler certifications, such as SANS GCIH and many others, are a plus
* Cisco security certifications, such as CCNA/CCNP/CCIE Security and CCNA Cyber Security a plus
* Experience with Snort or other intrusion detection tools
* Experience with the Bro and Suricata toolsets
* Experience with NetFlow telemetry and flow analysis
* Experience with malware network and host analysis tools
* Experience with full-packet capture tools
* Experience with anomaly detection tools
* Familiarity with the latest malicious code trends, including experience with exploits, exploit kits and malware
* Your own security research, presentations and publications are a plus

Additionally, we highly value the soft skills and mindset needed to succeed in our highly demanding yet extremely rewarding SOC environment:

* Mentoring and teaching experience
* Excellent English, verbal and written
* Strong teamwork mentality
* Demonstrated Customer Service, communications and troubleshooting skills
* Proven crisis management skills
* Experience with operations processes, such as ITIL, CMM, or Six Sigma"

"Why Cisco

We connect everything: people, processes, data, and things. We innovate everywhere, taking bold risks to shape the technologies that give us smart cities, connected cars, and handheld hospitals. And we do it in style with unique personalities who aren't afraid to change the way the world works, lives, plays and learns.

We are thought leaders, tech geeks, pop culture aficionados, and we even have a few purple haired rock stars. We celebrate the creativity and diversity that fuels our innovation. We are dreamers and we are doers.

We Are Cisco. "