דרושים Threat Hunting Analyst ב-Cisco ב-China, Shanghai
Cisco Senior Threat Hunting Analyst China, Shanghai
CSIRT prefers a college graduate with IT technical experience in one or more of the following fields:
- Network, Systems (Windows or Unix) or Cloud administration (AWS/GCP/Azure)
- Enterprise Identity Management
- Web Application Development
- Security Operations Center incident handling/management/coordination
- SIEM technologies ideally Splunk
- Detection Engineering Pipeline (and the development of detection rules)
- Data Engineering Pipeline (and the onboarding of data for use for detections)
- Strong understanding of incident response, malicious code/exploits, anti-virus, etc.
- Understanding of computer forensics
- Automation Scripting (Python)
- Threat Intelligence
- Attack Surface Risk Management
QUALIFICATIONS
The successful candidate should have the following qualifications:
- Worked in a high pressure Global SOC environment handling incidents
- Familiar with Windows exploits, malware and malicious code trends
- Willing to work off-hours including rotational on-call shifts
- Demonstrate interest and knowledge of security trends and latest attacker activity
- Hands on experience with one or more areas of the following areas:
- IT Infrastructure services (DNS, Web Servers, Email, etc…)
- Networking
- Identity (Active Directory, Okta, Duo, Ping, Azure AD)
- Cloud Administration (AWS, Azure, Azure)
- Systems Administration (Linux, Windows)
- Familiar with Modern Cloud Applications and technology.
- Experience with SIEM tools e.g. Splunk and ideally Splunk Enterprise Security.
- Experienced ability to create SIEM Detection Rules based on latest Threats.
- Demonstrate good customer service, communications, and troubleshooting skills.
Degree in IT / CS / MIS / Information Security or equivalent operational experience. Post graduate degrees a plus.
RESPONSIBILITIES
The core responsibilities of the CSIRT analyst are:
?Monitor and Respond to Security Alerts:
- Continuously monitor security alerts and incidents using Splunk and other security tools.
- Perform thorough analysis and investigation of security incidents to determine their scope and impact.
- Coordinate with other IT and security teams to remediate incidents effectively.
?Develop and Implement Detection Strategies:
- Create and fine-tune Splunk detections to identify potential security threats and anomalies.
- Develop and maintain custom detection rules, alerts, and dashboards in Splunk.
- Ensure detections are comprehensive, accurate, and provide actionable intelligence.
?Stay Ahead of Emerging Threats:
- Keep up-to-date with the latest cyber threats, attack vectors, and security trends.
- Develop and implement new detection techniques to address emerging threats.
- Conduct regular threat hunting activities to proactively identify potential vulnerabilities.
?Technical Skills and Expertise:
- Utilize your broad technology skill set to address security challenges across various platforms, including modern cloud environments (e.g., AWS, Azure, Google Cloud).
- Apply your development skills to create automation scripts and tools to enhance SOC operations.
- Collaborate with IT and DevOps teams to ensure security is integrated into the development lifecycle.
In addition, the CSIRT Analyst will be accountable for the following:
- Escalate to CSIRT investigators and external support teams to assist in analysis and event resolution.
- Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
- Inform higher-level priorities, improvements and problem resolutions to improve effectiveness of Cisco CSIRT & InfoSec.
- Constructively challenge and improve existing tools, processes and procedures.
- Assist CSIRT with continued enhancement of Cisco's security tools.
- Develop and execute security controls, defences and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
- Conduct vulnerability assessments of applications, operating systems and/or networks.
- Respond to cybersecurity breaches, identify intrusions and isolate, block and remove unauthorized access.
- Research and evaluate cybersecurity threats and perform root cause analysis.
- Assist in the creation and implementation of security solutions.
- Learn quickly on the job as CSIRT tackles security solutions for various environments & technologies, including cloud technologies, that may be new to you and others on the team
- Provide information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
משרות נוספות שיכולות לעניין אותך
Cisco Cybersecurity Incident Senior Analyst China, Shanghai
RESPONSIBILITIES
Assist with setup and tune multiple security monitoring products and data feeds.
Assist in development of documented process for incident and alert handling
• Escalate to CSIRT investigators and external support teams to assist in analysis and event resolution.
• Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
• Inform higher-level priorities, improvements and problem resolutions to improve effectiveness of CSCO, CSIRT, InfoSec, and CSPO.
• Constructively challenge and improve existing tools, processes and procedures.
• Assist CSIRT with testing, deployment and continued enhancement of Cisco's security tools.
• Provide information security awareness training to new hires.
• Watch and identify the emerging threats globally. Tune the configuration of monitoring products to catch the possible attack to Cisco.
EXPERIENCE/ SKILLS REQUIRED
The right candidate will have about 8 to 10 years relevant experience in one or more of the following fields:
Network administration, TCP/IP knowledge and application in securing systems, investigating security incidents.
Experience on Cloud platform (AWS)
Demonstrate clear experience with UNIX/Windows operating systems
IT security with a focus on computer incident response, malicious code/exploits, anti-virus, etc.
Knowledge of SIEM tools (preferably Splunk)
Scripting skills (BASH, Python, PERL)
Familiar with Windows exploits, malware and malicious code trends
Demonstrate interest and knowledge in learning of security trends and malware analysis.
Fluent in English. Good communication and presentation skills. (China)
Degree in BS or equivalent. MS is a plus
CCNA, RHCE, MCSE, CISSP (will be a plus)
משרות נוספות שיכולות לעניין אותך
Cisco Threat Hunting Analyst China, Shanghai
Threat Hunting Analyst:
CSIRT prefers a college graduate with IT technical experience in one or more of the following fields:
- Network, Systems (Windows or Unix) or Cloud administration (AWS/GCP/Azure)
- Enterprise Identity Management
- Web Application Development
- Security Operations Center incident handling/management/coordination
- SIEM technologies ideally Splunk
- Detection Engineering Pipeline (and the development of detection rules)
- Data Engineering Pipeline (and the onboarding of data for use for detections)
- Strong understanding of incident response, malicious code/exploits, anti-virus, etc.
- Understanding of computer forensics
- Automation Scripting (Python)
- Threat Intelligence
- Attack Surface Risk Management
QUALIFICATIONS
The successful candidate should have the following qualifications:
- Worked in a high pressure Global SOC environment handling incidents
- Familiar with Windows exploits, malware and malicious code trends
- Willing to work off-hours including rotational on-call shifts
- Demonstrate interest and knowledge of security trends and latest attacker activity
- Hands on experience with one or more areas of the following areas:
- IT Infrastructure services (DNS, Web Servers, Email, etc…)
- Networking
- Identity (Active Directory, Okta, Duo, Ping, Azure AD)
- Cloud Administration (AWS, Azure, Azure)
- Systems Administration (Linux, Windows)
- Familiar with Modern Cloud Applications and technology.
- Experience with SIEM tools e.g. Splunk and ideally Splunk Enterprise Security.
- Experienced ability to create SIEM Detection Rules based on latest Threats.
- Demonstrate good customer service, communications, and troubleshooting skills.
Degree in IT / CS / MIS / Information Security or equivalent operational experience. Post graduate degrees a plus.
RESPONSIBILITIES
The core responsibilities of the CSIRT analyst are:
Monitor and Respond to Security Alerts:
- Continuously monitor security alerts and incidents using Splunk and other security tools.
- Perform thorough analysis and investigation of security incidents to determine their scope and impact.
- Coordinate with other IT and security teams to remediate incidents effectively.
Develop and Implement Detection Strategies:
- Create and fine-tune Splunk detections to identify potential security threats and anomalies.
- Develop and maintain custom detection rules, alerts, and dashboards in Splunk.
- Ensure detections are comprehensive, accurate, and provide actionable intelligence.
Stay Ahead of Emerging Threats:
- Keep up-to-date with the latest cyber threats, attack vectors, and security trends.
- Develop and implement new detection techniques to address emerging threats.
- Conduct regular threat hunting activities to proactively identify potential vulnerabilities.
Technical Skills and Expertise:
- Utilize your broad technology skill set to address security challenges across various platforms, including modern cloud environments (e.g., AWS, Azure, Google Cloud).
- Apply your development skills to create automation scripts and tools to enhance SOC operations.
- Collaborate with IT and DevOps teams to ensure security is integrated into the development lifecycle.
In addition, the CSIRT Analyst will be accountable for the following:
- Escalate to CSIRT investigators and external support teams to assist in analysis and event resolution.
- Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
- Inform higher-level priorities, improvements and problem resolutions to improve effectiveness of Cisco CSIRT & InfoSec.
- Constructively challenge and improve existing tools, processes and procedures.
- Assist CSIRT with continued enhancement of Cisco's security tools.
- Develop and execute security controls, defences and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
- Conduct vulnerability assessments of applications, operating systems and/or networks.
- Respond to cybersecurity breaches, identify intrusions and isolate, block and remove unauthorized access.
- Research and evaluate cybersecurity threats and perform root cause analysis.
- Assist in the creation and implementation of security solutions.
- Learn quickly on the job as CSIRT tackles security solutions for various environments & technologies, including cloud technologies, that may be new to you and others on the team
- Provide information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
משרות נוספות שיכולות לעניין אותך
CSIRT prefers a college graduate with IT technical experience in one or more of the following fields:
- Network, Systems (Windows or Unix) or Cloud administration (AWS/GCP/Azure)
- Enterprise Identity Management
- Web Application Development
- Security Operations Center incident handling/management/coordination
- SIEM technologies ideally Splunk
- Detection Engineering Pipeline (and the development of detection rules)
- Data Engineering Pipeline (and the onboarding of data for use for detections)
- Strong understanding of incident response, malicious code/exploits, anti-virus, etc.
- Understanding of computer forensics
- Automation Scripting (Python)
- Threat Intelligence
- Attack Surface Risk Management
QUALIFICATIONS
The successful candidate should have the following qualifications:
- Worked in a high pressure Global SOC environment handling incidents
- Familiar with Windows exploits, malware and malicious code trends
- Willing to work off-hours including rotational on-call shifts
- Demonstrate interest and knowledge of security trends and latest attacker activity
- Hands on experience with one or more areas of the following areas:
- IT Infrastructure services (DNS, Web Servers, Email, etc…)
- Networking
- Identity (Active Directory, Okta, Duo, Ping, Azure AD)
- Cloud Administration (AWS, Azure, Azure)
- Systems Administration (Linux, Windows)
- Familiar with Modern Cloud Applications and technology.
- Experience with SIEM tools e.g. Splunk and ideally Splunk Enterprise Security.
- Experienced ability to create SIEM Detection Rules based on latest Threats.
- Demonstrate good customer service, communications, and troubleshooting skills.
Degree in IT / CS / MIS / Information Security or equivalent operational experience. Post graduate degrees a plus.
RESPONSIBILITIES
The core responsibilities of the CSIRT analyst are:
?Monitor and Respond to Security Alerts:
- Continuously monitor security alerts and incidents using Splunk and other security tools.
- Perform thorough analysis and investigation of security incidents to determine their scope and impact.
- Coordinate with other IT and security teams to remediate incidents effectively.
?Develop and Implement Detection Strategies:
- Create and fine-tune Splunk detections to identify potential security threats and anomalies.
- Develop and maintain custom detection rules, alerts, and dashboards in Splunk.
- Ensure detections are comprehensive, accurate, and provide actionable intelligence.
?Stay Ahead of Emerging Threats:
- Keep up-to-date with the latest cyber threats, attack vectors, and security trends.
- Develop and implement new detection techniques to address emerging threats.
- Conduct regular threat hunting activities to proactively identify potential vulnerabilities.
?Technical Skills and Expertise:
- Utilize your broad technology skill set to address security challenges across various platforms, including modern cloud environments (e.g., AWS, Azure, Google Cloud).
- Apply your development skills to create automation scripts and tools to enhance SOC operations.
- Collaborate with IT and DevOps teams to ensure security is integrated into the development lifecycle.
In addition, the CSIRT Analyst will be accountable for the following:
- Escalate to CSIRT investigators and external support teams to assist in analysis and event resolution.
- Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
- Inform higher-level priorities, improvements and problem resolutions to improve effectiveness of Cisco CSIRT & InfoSec.
- Constructively challenge and improve existing tools, processes and procedures.
- Assist CSIRT with continued enhancement of Cisco's security tools.
- Develop and execute security controls, defences and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
- Conduct vulnerability assessments of applications, operating systems and/or networks.
- Respond to cybersecurity breaches, identify intrusions and isolate, block and remove unauthorized access.
- Research and evaluate cybersecurity threats and perform root cause analysis.
- Assist in the creation and implementation of security solutions.
- Learn quickly on the job as CSIRT tackles security solutions for various environments & technologies, including cloud technologies, that may be new to you and others on the team
- Provide information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
משרות נוספות שיכולות לעניין אותך
