Senior Threat Hunting Investigator

Company: Cisco Systems, Inc.
Location: Washington
Posted on: September 21, 2023

Job Description:

Texas; California; New York; Massachusetts; Washington; Colorado Area of Interest Security Compensation Range 121600 USD - 167800 USD Job Type Professional Security Job Id 1406297 The successful applicant will be performing work in FedRAMP High or IL-5 environments, and therefore, must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil. Security Visibility and Incident Command (SVIC) is part of the investigative branch of Cisco's Security and Trust Organization (S&TO) and serves as Cisco's information security, cyber investigations, and forensics team. We provide Cisco with tailored security monitoring services to protect the company from cyber-attacks and the loss of its intellectual assets. The primary mission of SVIC is to ensure company, system, and data preservation by performing comprehensive investigations into computer security incidents. Our mission also extends to assisting in the prevention of such incidents by engaging in root cause analysis, dedicated threat assessment, mitigation planning, and architectural review. SVIC is a highly skilled, diverse, and globally distributed group of outstanding professionals from a wide variety of technical backgrounds. We are open-source software contributors, technical authors, tool builders, DFIR community members, lock pickers, makers, and breakers. What You'll Do SVIC is looking for an experienced security professional to join our Security Investigations Team, which is our top-tier investigative body. This is an opportunity to contribute to a highly transparent security operations function with global impact upon Cisco, its diversified business, business units, service ventures, partners, and customers. We are looking for a motivated and experienced security engineer who thinks like an attacker but has the heart of a defender. Our investigators thrive on understanding complex systems and how they can be broken. Additionally, candidates with diverse technical backgrounds such as system, network, and database administrators make phenomenal security investigators, whether they realize it or not. As a great candidate for this role, you have a strong interest in complex problem solving, with an ability to challenge assumptions and consider alternative perspectives. You are forward-thinking and act as the voice of reason and calm during high-stakes situations, while operating exceedingly well in a strong, tight-knit, collaborative team environment. Role & Responsibilities

• Respond to and investigate computer security incidents, assessing the scope of impact and guiding the teams involved in the investigation to containment and resolution.
• Communicate incident root cause analysis with management and partner teams.
• Research and deploy new technologies as needed to support business objectives related to security detection, threat hunting, forensics and response.
• Collaborate with data source SMEs in SVIC and InfoSec to enhance, improve, or modify cloud based security detection and response.
• Continuously strive to improve processes for high-accuracy attack detection and response as attacker tactics and techniques evolve, setting our SOC Analysts up for success.
• Apply and cultivate your expertise in the subject areas you are passionate about, to guide SVIC towards better ways of doing things.
• Represent SVIC in collaboration with our industry peers and in trusted working groups
• Participate in a follow-the-sun on-call rotation.
• As a senior member of SVIC, guide and mentor our security analysis / detection engineers. Who you are:
  • Superb communication (verbal and written) skills.
  • A practiced ability to influence peers, customers and project teams to make security minded decisions and changes.
  • Good technical skills in a variety of operating systems and databases, with proficiency in data querying and data analysis.
  • Reasonable scripting/coding abilities and an eye for automation opportunities
  • A solid grasp of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, and distributed networks).
  • Experience with Linux/UNIX systems and the standard methodologies for deploying applications to those stacks.
  • Experience working with Infrastructure-as-a-Service platforms (OpenStack, Amazon Web Services, Rackspace, VMware, etc.)
  • Agility in dealing with various types of security incidents and a curiosity to learn about the tools and technologies involved.
  • Flexibility - willingness to pitch in where needed across program and team
  • Strong leadership, influence and collaboration skills; sound problem resolution, judgment, negotiating and decision-making skills
  • US Citizenship or green card required Why Cisco? At Cisco, each person brings their unique talents to work as a team and make a difference. Yes, our technology changes the way the world works, lives, plays and learns, but our edge comes from our people. We connect everything - people, process, data and things - and we use those connections to change our world for the better. We innovate everywhere - From launching a new era of networking that adapts, learns and protects, to building Cisco Services that accelerate businesses and business results. Our technology powers entertainment, retail, healthcare, education and more - from Smart Cities to your everyday devices We benefit everyone - We do all of this while striving for a culture that empowers every person to be the difference, at work and in our communities. Cisco is proud to be an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Benefits and Perks We strive to keep our teams happy and healthy. Many roles have the option to be Remote or Hybrid. Cisco provides competitive pay, excellent medical, dental and vision coverage, 401(k) match, 20 days of paid time off plus holidays, support for parents and paid time to volunteer. Message to applicants applying to work in the U.S.:
    When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings. Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday, plus a day off for their birthday. Employees accrue up to 20 days of Paid Time Off (PTO) each year and have access to paid time away to deal with critical or emergency issues without tapping into their PTO. We offer additional paid time to volunteer and give back to the community. Employees are also able to purchase company stock through our Employee Stock Purchase Program.Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco pays at the standard rate of 1% of incentive target for each 1% revenue attainment against the quota up to 100%. Once performance exceeds 100% quota attainment, incentive rates may increase up to five times the standard rate with no cap on incentive compensation. For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid. Sign up to receive notifications of similar jobs
    #J-18808-Ljbffr

Keywords: Cisco Systems, Inc., Washington DC , Senior Threat Hunting Investigator, Other , Washington, DC