Expoint - all jobs in one place


Cisco Threat Hunting Investigator 
United States, North Carolina, Cary 
8552407

01.09.2024

What you'll do:

  • Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).
  • Assist with setup and tuning of multiple security monitoring products and data feeds
  • Collaborate with data source SMEs in SVIC and InfoSec to enhance, improve, or modify cloud-based (IaaS, SaaS, etc.) security detection and response.
  • Update, modify, and enhance existing programs used for security detection and response.
  • Develop documentation on all custom solutions.
  • Identify attackers and their methods, and use your IT and networking expertise to improve detection logic.
  • Occasional travel (<10%)

Attack Analysis:

  • Attacker Tools, TTPs
  • Log Analysis (System, Firewall, Application)

Cyber Threat Intelligence:

  • Threat Hunting
  • Intelligence Analysis
  • Attacker Methodology
  • Industry Peer Collaboration & Information Sharing

Incident/Investigations Handling:

  • CyberSecurity Impact Assessment
  • CyberSecurity Problem Management
  • Automation/SOAR
  • Root Cause ID / LTF

Minimum Qualifications:

  • 4+ years of cybersecurity or IT security related work experience.
  • Python scripting/coding experience
  • Experience with any three or more of the following tools: Splunk, CSE (AMP4E), Network AMP, WSA, Firepower IPS, NGFW, ESA, CTA, Threat Grid, Stealthwatch, Umbrella, SecureX, osquery, ThreatQuotient, MISP, Recorded Future, Volatility, PowerShell, Wireshark, EnCase, Tableau, TheHive
  • Must have experience with log analysis (System, Firewall, Application)

Preferred Qualifications:

  • Good technical skills across a variety of operating systems, languages, and databases
  • Experience with any of the following: Go, Java, JavaScript, SQL, MySQL, STIX/TAXII, MITRE ATT&CK
  • One or more of the following certifications: GSEC, GCIA, GISF, GCED, GCFA, GCFE, GREM, GCTI, GASF, GCEH, CISSP, CCSP, or SSCP
  • Cloud experience with AWS or Azure.
  • Agility and willingness to deal with a high level of ambiguity and change
  • Flexibility and willingness to pitch in where needed across the program and team