Expoint - all jobs in one place

המקום בו המומחים והחברות הטובות ביותר נפגשים

Limitless High-tech career opportunities - Expoint

Cisco Security Incident Commander Threat Management Response 
Australia, New South Wales, Sydney 
505438491

18.11.2024

Incidents can occur at any time, so this role requires on-call availability (including occasional overnight and weekend shifts) as needed. The core working hours for this position are Monday through Friday, 9:30 AM to 6:30 PM AEDT, based on your local time zone.

Key responsibilities:
  • Serve on a rotation of security incident commanders, working with heads of every major product and engineering team to ensure a quick mobilization for high-severity incidents
  • Serve as incident commander when escalations from security analysts require immediate response
  • Write SQL to search data warehouses and large datasets for signs of compromise
  • Respond to high severity incidents and handle the remediation process. (e.g. Malware analysis, large scale phishing attacks, production intrusion, etc.)
  • Familiarity with the following tools:
  • Security Incident and Event Monitoring (SIEM)
  • File Integrity Monitoring (FIM)
  • Vulnerability Scanners, Endpoint Detection & Response (EDR), Security Orchestration, Automation & Response (SOAR)
  • Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
  • Investigate security events for the following platforms and technologies:
  • Cloud (AWS, Azure, GCP)
  • Cisco physical and virtual network devices and platforms
  • Assist with and perform digital forensics on host OS or cloud system infrastructure to identify IOCs and other signs of imminent security risk and threat
  • Write response runbooks and author documentation on organizational response processes
You are an ideal candidate if you:
  • Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
  • Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior
  • Have a calm methodical approach to investigating potential threats
  • Have minimum of 5 years worked in cybersecurity roles professionally
  • Have the ability to build and/or re-architect new and existing solutions within AWS to help tackle problems outstanding to Meraki’s security logging or security investigation infrastructure
  • Expertise with observability and security tools like Splunk, ELK, Snowflake or other searchable big data solutions
  • Understand core cybersecurity concepts such as encryption, hashing, non-repudiation, vulnerability management, and least privilege
  • Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response
Bonus points for:
  • Industry-recognized certifications such as CISSP, SANS GIAC (e.g., GCIH, GNFA, GCFE, GCFA, GREM), and AWS certifications (SAA, SAP, or SCS).
  • Familiarity with other security fields, including Digital Forensics, Threat Intelligence, Threat Detection, Application Security, Cloud Security, and Offensive Security.
  • Networking expertise with LAN/WAN routing and high-availability routing protocols like OSPF, BGP4/iBGP, EIGRP, and NSRP.
  • In-depth knowledge of detection tools like Nessus, Qualys, OSSEC, Osquery, Suricata, and AWS Guard Duty.
  • Coding/scripting experience in one or more languages.
  • Experience demonstrating web application attacks like SQL Injection, XSS, and CSRF.
  • Familiarity with IoT platforms, large-scale distributed systems, and client-server architectures.