Cisco Threat Hunting Investigator 

China, Shanghai 

531721014

Conduct host forensics, network forensics and log analysis in support of incident response investigations for systems or applications deployed on-prem or in the cloud.

Perform threat hunting campaigns utilizing information on adversary tools, tactics & procedures (TTPs) and knowledge of how they manifest in security data sources & system telemetry.

Study how attackers operate and their methods, but also use your IT and networking expertise to build & improve detection logic and investigative procedures.

Teach, mentor and support your peers in areas you have specialized knowledge or experience.

Participate in a follow-the-sun on-call rotation.

• Minimum of 7-10 years of experience in investigations and incident response.
• Self-Starter, Go-Getter & Self-Learner.
• Superb communication (verbal and written) skills.
• Reasonable scripting/coding abilities and an eye for automation opportunities.
• A solid grasp of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, TLS and distributed networks).
• Experience across common security products like - firewalls, IDS/IPS, NetFlow, AV, EDR, SIEM, SOAR, etc.
• Experience or familiarity with the usage of cloud computing platforms & components, like - AWS, GCP, Azure, Docker, Kubernetes, etc.
• Experience or familiarity with the CI/CD pipelines.
• Extensive knowledge of IT infrastructure services, Operating systems, networking.
• Experience or familiarity with protocols & products used for authentication & authorization, like - Radius, Active Directory, LDAP, NTLM, Kerberos, SAML, OAuth, JWT, etc.
• Experience with a mix of red team or blue team tools, like - Metasploit, C2 frameworks, Kali Linux, Security Onion, Burp Suite, Nessus, OSQuery, Yara, sleuth kit, velociraptor, etc.
• Experience in one or more data analytics platforms or languages like - Splunk, Elastic Stack, Kusto Query Language (KQL), Structured Query Language (SQL), etc.
• Agility in commanding several types of security incidents concurrently and a curiosity to learn about the tools and technologies involved.
• Proven track record of managing and coordinating complex security investigations.
• Flexibility – willingness to pitch in where needed across program and team, and outside typical business hours.
• Ability to work shift hours as well as on-call out of hours.
• Strong leadership, influence, and collaboration skills; sound problem resolution, judgment, negotiating and decision-making skills.