
Cisco Threat Hunting Investigator 
China, Shanghai 
531721014

16.09.2024
What You Will Do

Conduct host forensics, network forensics and log analysis in support of incident response investigations for systems or applications deployed on-prem or in the cloud.

Perform threat hunting campaigns using information on adversary tactics, techniques and procedures (TTPs) and knowledge of how they manifest in security data sources and system telemetry.

Study how attackers operate and the methods they use, and apply your IT and networking expertise to build and improve detection logic and investigative procedures.

Teach, mentor and support your peers in areas where you have specialized knowledge or experience.

Participate in a follow-the-sun on-call rotation.

Desired Skills
  • Minimum of 7-10 years of experience in investigations and incident response.
  • Self-starter, go-getter and self-learner.
  • Superb communication (verbal and written) skills.
  • Reasonable scripting/coding abilities and an eye for automation opportunities.
  • A solid grasp of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, TLS) and of distributed networks.
  • Experience across common security products such as firewalls, IDS/IPS, NetFlow, AV, EDR, SIEM, SOAR, etc.
  • Experience or familiarity with cloud computing platforms and components such as AWS, GCP, Azure, Docker, Kubernetes, etc.
  • Experience or familiarity with CI/CD pipelines.
  • Extensive knowledge of IT infrastructure services, operating systems and networking.
  • Experience or familiarity with protocols and products used for authentication and authorization, such as RADIUS, Active Directory, LDAP, NTLM, Kerberos, SAML, OAuth, JWT, etc.
  • Experience with a mix of red team and blue team tools, such as Metasploit, C2 frameworks, Kali Linux, Security Onion, Burp Suite, Nessus, osquery, YARA, The Sleuth Kit, Velociraptor, etc.
  • Experience in one or more data analytics platforms or query languages such as Splunk, Elastic Stack, Kusto Query Language (KQL), Structured Query Language (SQL), etc.
  • Ability to command several types of security incidents concurrently, and curiosity to learn about the tools and technologies involved.
  • Proven track record of managing and coordinating complex security investigations.
  • Flexibility: willingness to pitch in where needed across the program and team, including outside typical business hours.
  • Ability to work shift hours as well as on-call out of hours.
  • Strong leadership, influence and collaboration skills; sound problem-resolution, judgment, negotiating and decision-making skills.