RTP, North Carolina, US
25 days ago
Threat Hunting Investigator

Application window is expected to close on 09/30/2024.


Existing or previous Government Security Clearance is required with ability to obtain TS/SCI.


Work must be completed onsite in a secure space at our RTP office. No Hybrid or Remote.




Who we are: 


Cisco's Security Visibility and Incident Command (SVIC) forms part of the investigative branch of Cisco's Security and Trust Organization (S&TO) and is Cisco's cyber investigations and forensics team. It provides Cisco with tailored security monitoring services in order to protect Cisco from cyber-attacks and the loss of its intellectual assets. The primary mission of SVIC is to help ensure company, system, and data preservation by performing comprehensive investigations into computer security incidents, and to contribute to the prevention of such incidents by engaging in dedicated threat assessment, mitigation planning, incident trend analysis, and security architecture review.




Who you'll work with:


The Security Visibility and Incident Command is a highly-functioning, diverse, and globally distributed group of best-in-class professionals from various technical backgrounds. We're Open-Source Software contributors, technical authors, tool builders, DFIR community members, lock pickers, makers, and breakers.



Who you are:


SVIC is looking for an experienced security professional to join the Computer Security Incident Response Team. This is an opportunity to contribute to a highly transparent security operations function with global impact upon Cisco, its diversified business, business units, service ventures, partners, and customers. We are looking for a motivated individual who fits well into the team and can focus on data security and incident analysis. You have a very strong interest in complex problem solving, the ability to challenge assumptions and consider alternative perspectives, nimble thinking, and the ability to perform in high-stress situations, while operating exceedingly well in a strong, tight-knit, collaborative team environment.




What you'll do:


Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
Assist with setup and tuning of multiple security monitoring products and data feeds.
Collaborate with data source SMEs in SVIC and InfoSec to enhance, improve, or modify cloud-based (IaaS, SaaS, etc.) security detection and response.
Update, modify, and enhance existing programs used for security detection and response.
Develop documentation on all custom solutions.
Identify attackers and their methods, and also use your IT and networking expertise to improve detection logic.
Occasional travel (<10%).


Attack Analysis:

Attacker Tools, TTPs
Log Analysis (System, Firewall, Application)


Cyber Threat Intelligence:

Threat Hunting
Intelligence Analysis
Attacker Methodology
Industry Peer Collaboration & Information Sharing


Incident/Investigations Handling:

CyberSecurity Impact Assessment
CyberSecurity Problem Management
Automation/SOAR
Root Cause ID / LTF




Minimum Qualifications:


4+ years of cybersecurity or IT security related work experience.
Python scripting/coding experience.
Experience with any three or more of the following tools: Splunk, CSE (AMP4E), Network AMP, WSA, Firepower IPS, NGFW, ESA, CTA, Threat-Grid, Stealthwatch, Umbrella, SecureX, OSQuery, Threat-Quotient, MISP, Recorded-Future, Volatility, PowerShell, Wireshark, EnCase, Tableau, TheHive.
Must have experience with log analysis (System, Firewall, Application).




Preferred Qualifications:


Good technical skills in a variety of operating systems, languages, and databases.
Experience with any of the following: Go, Java, JavaScript, SQL, MySQL, STIX/TAXII, MITRE ATT&CK.
Certifications: GSEC, GCIA, GISF, GCED, GCFA, GCFE, GREM, GCTI, GASF, GCEH, CISSP, CCSP, or SSCP.
Cloud experience with AWS or Azure.
Agility and willingness to deal with a high level of ambiguity and change.
Flexibility: willingness to pitch in where needed across program and team.




Why Cisco? 


#WeAreCisco. We are all unique, but collectively we bring our talents to work as a team, to develop innovative technology and power a more inclusive, digital future for everyone. How do we do it? Well, for starters – with people like you!


Nearly every internet connection around the world touches Cisco. We’re the Internet’s optimists. Our technology makes sure the data traveling at light speed across connections does so securely, yet it’s not what we make but what we make happen which marks us out. We’re helping those who work in the health service to connect with patients and each other; schools, colleges, and universities to teach in even the most challenging of times. We’re helping businesses of all shapes and sizes to connect with their employees and customers in new ways, providing people with access to the digital skills they need and connecting the most remote parts of the world – whether through 5G, or otherwise.


We tackle whatever challenges come our way. We have each other’s backs, we recognize our accomplishments, and we grow together. We celebrate and support one another – from big and small things in life to big career moments. And giving back is in our DNA (we get 10 days off each year to do just that).


We know that powering an inclusive future starts with us. Because without diversity and a dedication to equality, there is no moving forward. Our 30 Inclusive Communities, that bring people together around commonalities or passions, are leading the way. Together we’re committed to learning, listening, caring for our communities, whilst supporting the most vulnerable with a collective effort to make this world a better place either with technology, or through our actions. 


So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us! #WeAreCisco 
