Threat Hunting Investigator - Bengaluru, India - Cisco Systems
Description
Who We Are
Cisco's Security Visibility and Incident Command (SVIC) forms part of the monitoring & response branch of Cisco's Security and Trust Organization (S&TO) and is Cisco's cyber investigations and forensics team.
We provide Cisco with security threat detection, compliance monitoring, vulnerability discovery and response services to protect Cisco's digital world from attacks, abuse, reputational harm, and loss of its intellectual assets.
The primary mission of SVIC is to help ensure system and data risk management by performing comprehensive investigations into cyber security incidents, and to assist in the prevention of such incidents by engaging in dedicated threat assessment, mitigation planning, incident trend analysis, and security architecture review.
We are a highly-functioning, diverse, and globally distributed group of committed professionals from various technical backgrounds. We are Open-Source Software contributors, technical authors, tool builders, DFIR (Digital Forensics & Incident Response) community members, lock pickers, makers, and breakers.
Who You Are
What You Will Do
Conduct the technical investigation into computer security incidents to assess the scope of impact to the business and uncover the root cause.
Engage with impacted teams to devise & drive them towards containment of the incident while proceeding to work for a full resolution.
Perform threat hunting campaigns using information on adversary tools, tactics & procedures (TTPs) and knowledge of how they manifest in security data sources & system telemetry.
Research and deploy modern technologies or enhancements to support business objectives related to security detection, threat hunting, forensics, and response.
Study how attackers operate and their methods, but also use your IT and networking expertise to build & improve detection logic and investigative procedures.
Teach, mentor and support your peers in areas you have specialized knowledge or experience.
Represent SVIC in collaboration with industry peers and in trusted working groups.
Participate in a follow-the-sun on-call rotation.
Desired Skills
Self-Starter, Go-Getter & Self-Learner.
Superb communication (verbal and written) skills.
Reasonable scripting/coding abilities and an eye for automation opportunities.
A solid grasp of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, TLS and distributed networks).
Experience or familiarity with cloud computing platforms and components, such as AWS, GCP, Azure, Docker, Kubernetes, etc.
Experience or familiarity with protocols and products used for authentication and authorization, such as RADIUS, Active Directory, LDAP, NTLM, Kerberos, SAML, OAuth, JWT, etc.
Experience with a mix of red team or blue team tools, such as Metasploit, C2 frameworks, Kali Linux, Security Onion, Burp Suite, Nessus, osquery, YARA, The Sleuth Kit, Velociraptor, etc.
Experience in one or more data analytics platforms or languages, such as Splunk, Elastic Stack, Kusto Query Language (KQL), Structured Query Language (SQL), etc.
Agility in dealing with several types of security incidents concurrently and a curiosity to learn about the tools and technologies involved.
Strong leadership, influence, and collaboration skills; sound problem resolution, judgment, negotiating and decision-making skills.