Expoint - all jobs in one place


Cisco Threat Hunting Analyst 
China, Shanghai 
797904481

21.04.2025

Threat Hunting Analyst:

CSIRT prefers a college graduate with IT technical experience in one or more of the following fields:

  • Network, Systems (Windows or Unix) or Cloud administration (AWS/GCP/Azure)
  • Enterprise Identity Management
  • Web Application Development
  • Security Operations Center incident handling/management/coordination
  • SIEM technologies, ideally Splunk
  • Detection Engineering Pipeline (and the development of detection rules)
  • Data Engineering Pipeline (and the onboarding of data for use for detections)
  • Strong understanding of incident response, malicious code/exploits, anti-virus, etc.
  • Understanding of computer forensics
  • Automation Scripting (Python)
  • Threat Intelligence
  • Attack Surface Risk Management

QUALIFICATIONS

The successful candidate should have the following qualifications:

  • Worked in a high-pressure global SOC environment handling incidents
  • Familiar with Windows exploits, malware and malicious code trends
  • Willing to work off-hours including rotational on-call shifts
  • Demonstrate interest and knowledge of security trends and latest attacker activity
  • Hands-on experience in one or more of the following areas:
    • IT Infrastructure services (DNS, Web Servers, Email, etc…)
    • Networking
    • Identity (Active Directory, Okta, Duo, Ping, Azure AD)
    • Cloud Administration (AWS, Azure, GCP)
    • Systems Administration (Linux, Windows)
  • Familiar with Modern Cloud Applications and technology.
  • Experience with SIEM tools e.g. Splunk and ideally Splunk Enterprise Security.
  • Proven ability to create SIEM detection rules based on the latest threats.
  • Demonstrate good customer service, communications, and troubleshooting skills.


Degree in IT / CS / MIS / Information Security or equivalent operational experience. Post graduate degrees a plus.

RESPONSIBILITIES

The core responsibilities of the CSIRT analyst are:

Monitor and Respond to Security Alerts:

  • Continuously monitor security alerts and incidents using Splunk and other security tools.
  • Perform thorough analysis and investigation of security incidents to determine their scope and impact.
  • Coordinate with other IT and security teams to remediate incidents effectively.


Develop and Implement Detection Strategies:

  • Create and fine-tune Splunk detections to identify potential security threats and anomalies.
  • Develop and maintain custom detection rules, alerts, and dashboards in Splunk.
  • Ensure detections are comprehensive, accurate, and provide actionable intelligence.


Stay Ahead of Emerging Threats:

  • Keep up-to-date with the latest cyber threats, attack vectors, and security trends.
  • Develop and implement new detection techniques to address emerging threats.
  • Conduct regular threat hunting activities to proactively identify potential vulnerabilities.

Technical Skills and Expertise:

  • Utilize your broad technology skill set to address security challenges across various platforms, including modern cloud environments (e.g., AWS, Azure, Google Cloud).
  • Apply your development skills to create automation scripts and tools to enhance SOC operations.
  • Collaborate with IT and DevOps teams to ensure security is integrated into the development lifecycle.

In addition, the CSIRT Analyst will be accountable for the following:

  • Escalate to CSIRT investigators and external support teams to assist in analysis and event resolution.
  • Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
  • Inform higher-level priorities, improvements and problem resolutions that improve the effectiveness of Cisco CSIRT & InfoSec.
  • Constructively challenge and improve existing tools, processes and procedures.
  • Assist CSIRT with continued enhancement of Cisco's security tools.
  • Develop and execute security controls, defences and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
  • Conduct vulnerability assessments of applications, operating systems and/or networks.
  • Respond to cybersecurity breaches, identify intrusions and isolate, block and remove unauthorized access.
  • Research and evaluate cybersecurity threats and perform root cause analysis.
  • Assist in the creation and implementation of security solutions.
  • Learn quickly on the job, as CSIRT tackles security solutions for various environments and technologies, including cloud technologies, that may be new to you and others on the team.
  • Provide information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems.