RaleighRecruiter Since 2001
the smart solution for Raleigh jobs

Security Incident Responder

Company: Cisco Systems, Inc.
Location: Raleigh
Posted on: March 18, 2023

Job Description:

Cisco's Customer & Partner Experience (CPX) organization is one of the fastest growing and most innovative teams, crafting a first-in-class digital experience that delights our customers and partners. The CX Cloud Security team drives world-class security controls across all aspects of the ecosystem we design, build and operate to improve customer trust. We believe that security is everyone's job at Cisco, and we embed this belief every day through our core values: transparency, a risk-based approach, accountability, and an empowered team.

What You'll Do

You'll respond to security incidents and analyze and correlate log data with the assistance of teammates. You'll report findings to leadership and other internal Cisco teams while collaborating with engineers to enhance, improve, and modify enterprise and cloud (IaaS, SaaS) configurations based on investigations. Additionally, you'll provide recommendations and apply lessons learned from incidents to tools, processes, capabilities and other new technologies to support business objectives.

Responsibilities

  • Perform cloud-based forensic investigations on compromised or potentially compromised systems at the host, application and network level, and analyze the evidence to reconstruct what transpired on a system
  • Analyze network traffic to identify malicious activity or compromised systems and prevent successful attacks
  • Work closely with the Security Operations Center (SOC) and engineering teams to improve existing detections and build new, tailored ones
  • Analyze alert statistics and workflows to reduce false positives and properly focus engineering efforts
  • Provide design support on ways to improve detection and response capabilities
  • Keep up to date on modern attack techniques to continually integrate that knowledge into new detections
  • Operate and help mature playbooks, workflow automations, and use cases to protect our cloud
  • Build strong relationships with the other technical teams across our engineering and infrastructure functions

Who You Are

You possess at least 5 years of security experience focusing on Incident Response and building detections. You have a detailed understanding of SIEM solutions and strong knowledge of cloud environments and security methodologies for operating in the cloud. You're passionate about security and you bring deep knowledge of incident response and various attack vectors. You have knowledge of the MITRE ATT&CK Framework and Cyber Kill Chain and how they pertain to cloud and web applications. You have experience with scripting/code (REGEX search strings, bash scripting, Python parsing). You have deep knowledge of Splunk, alert creation and creating signatures. You may have one or more security certifications, particularly those with a cloud focus (CISSP, CCSP, AWS Cloud certifications, etc.).

Qualifications

  • Experience using Splunk, including developing, maintaining, and tuning alerts
  • Experience developing custom code or scripts for security event analysis and incident response automation
  • Experience with cloud environments or technologies
  • Proven knowledge and understanding of security incident types, indicators of compromise (IOCs), and tools, tactics, and procedures (TTPs)
  • Experience responding to incidents and alerts
  • Experience writing signatures and creating alerts off of IOCs
  • US Citizenship required

Why Cisco

#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all. We embrace digital, and help our customers implement change in their digital businesses. Some may think we're "old" (36 years strong) and only about hardware, but we're also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do - you can't put us in a box! But "Digital Transformation" is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it). Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA). We take accountability, bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward. So, you have colorful hair? Don't care. Tattoos? Show off your ink. Like polka dots? That's cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!
