The Cisco CSIRT forms part of the investigative branch of Cisco's Security and Trust Organization (S&TO), and is Cisco's cyber monitoring, investigations, and forensics team. CSIRT provides Cisco with tailored security monitoring services in order to protect Cisco from cyber attacks and the loss of its intellectual assets. The primary mission of CSIRT is to help ensure company, system, and data preservation by performing comprehensive investigations into computer security incidents, and to contribute to the prevention of such incidents by engaging in proactive threat assessment, mitigation planning, incident trend analysis, and security architecture review. The CSIRT investigators are a highly-functioning, diverse, and globally distributed group of seasoned professionals from various technical backgrounds. We're Open Source Software contributors, technical authors, tool builders, DFIR community members, and lock pickers.
CSIRT is looking for an experienced security professional to join the CSIRT security investigations team. This is an opportunity to contribute to a highly visible security operations function with global impact upon Cisco, its diversified business, business units, service ventures, partners, and customers. Seasoned system, network, and database administrators make great security investigators. We are looking for a motivated, self-starting individual with a good cultural fit.
Role & Responsibilities
o Incorporate investigative and analyst requirements into CSIRT operational strategies
o Research, deploy, and automate new detection and investigative capabilities to support business objectives related to security detection and response.
o Develop roadmaps for CSIRT capabilities.
o Integrate automation as a fundamental design principle into new and existing solutions.
o Develop documentation on all custom solutions.
o Identify and provide useful data to key external stakeholders to influence strategic security decisions.
o Participate in a follow-the-sun on-call rotation.
o Self-Starter & Go-Getter
o Excellent communication (verbal and written) skills
o Excellent technical skills in a variety of operating systems, Web platforms, applications, databases and big data storage frameworks.
o Scripting/coding abilities (Python, Go, C++, Perl, Java)
o A solid understanding of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, and distributed networks).
o Experience with Linux/UNIX systems and the best practices for deploying applications to those stacks.
o Infrastructure-as-a-Service platforms (OpenStack, Amazon Web Services, Rackspace, VMware, Docker, etc.)
o Agility and willingness to deal with a high level of ambiguity and change
o Flexibility – willingness to pitch in where needed across program and team
o Strong leadership, influence and collaboration skills; sound problem resolution, judgment, negotiating and decision-making skills
o Global teaming skills and ability to focus the team to deliver to tight timelines and ability to multi-task
For more information, reference the CSIRT web site: http://www.cisco.com/web/about/security/intelligence/csirt_rfc2350.html