Job Description:
Cisco CSIRT seeks an information security investigator for a new global Computer Security Operations Center (CSOC). This is an opportunity to contribute to a highly visible security operations function with global impact on Cisco, its diversified businesses, business units, service ventures, partners, and customers. CSIRT is looking for an experienced security professional with proven expertise in the following areas:
Network and system security/administration
Incident response and security monitoring
Computer forensics
Malicious code/exploits, anti-virus, etc.
Responsibilities
The candidate will conduct escalated investigations into information security incidents on the network. This involves working security cases to full resolution, treating each with the appropriate urgency, and engaging teams within and outside Cisco to mitigate and resolve every case. The candidate will work within the on-site CSOC in Bangalore, covering shifts to enable follow-the-sun coordinated security operations. The candidate will leverage the following technologies and tools to solve cases:
Cisco IPS
netForensics Sim ONE
ArcSight
Cisco NetFlow
IronPort WSA
Splunk
Lancope StealthWatch
Syslog from servers and network devices
Firewalls
DHCP, AD, 802.1x, NAT, and VPN logs
Cisco Network Analysis Modules (NAM)
Other responsibilities include:
Conduct online forensic investigations of devices (routers, switches, UNIX and Windows hosts)
Review device logs and interpret data
Interview personnel to obtain information related to investigation
Respond to help desk escalations (e.g., targeted attacks on individuals aimed at specific data)
Maintain up-to-date information in secure case management system
Identify and implement incident mitigation, including null routing, ACL changes, DNS sinkholing (overriding internal resolution of malicious domains), account disabling, taking applications offline, etc.
Effect resolution by driving coordination across infrastructure, law enforcement, human resources, legal, and lines of business
Some travel required.
Required Skills
The successful candidate will have an operational knowledge of Cisco's infrastructure and core security technologies, demonstrating experience in system or network administration.
Deep understanding of network protocols and troubleshooting
Deep understanding of server operating systems and common appliances, including virtualized infrastructures
Proven experience documenting incidents for executive and peer audiences; this requires excellent written and verbal communication skills
Experience with security compliance laws and standards such as HIPAA, PCI DSS, Sarbanes-Oxley
Desired Skills/Certifications
Proven technical expertise and experience with information security
Good working relationships with other organizations within Cisco or other IT/engineering teams
Experience with operating systems such as Windows and Linux
Familiar with the latest malicious code trends, including experience with exploits and malware
Demonstrate customer service, communications, troubleshooting skills
Industry certifications such as CISSP, SANS GCIH
Cisco network certifications, such as CCNA, CCDA, or CCSP
Experience with operations processes, such as ITIL, CMM, or Six Sigma
US government security clearance
The candidate must demonstrate strong adherence to quality processes in their work history, have experience working in a global support environment and under pressure, and be willing to work off-hours and accommodate rotational shifts and case handling.
Education
Typically requires a Bachelor's Degree in Computer Science or Engineering with 3-5 years of experience in engineering or network administration.