Cisco Threat Hunting Investigator 

United States, North Carolina, Cary 

8552407

Document cases, procedures, analysis, and investigations accurately and thoroughly (including best-practice documentation).

Assist with setup and tuning of multiple security monitoring products and data feeds

Collaborate with data source SMEs in SVIC and InfoSec to enhance, improve, or modify cloud (IaaS, SaaS, etc) based security detection and response.

Update, modify, and enhance existing programs used for security detection and response.

Develop documentation on all custom solutions.

Identify attackers and their methods, but also use your IT and networking expertise to improve detection logic.

Occasional travel (<10%)

Attacker Tools, TTPs

Log Analysis (System, Firewall, Application

Threat Hunting

Intelligence Analysis

Attacker Methodology

Industry Peer Collaboration & Information Sharing

CyberSecurity Impact Assessment

CyberSecurity Problem Management

Automation/SOAR

Root Cause ID / LTF

4 + years of Cybersecurity or IT security related work experience.

Python scripting/coding experience

Experience with any three or more of the following tools: Splunk , CSE(AMP4E), Network AMP, WSA, Firepower IPS , NGFW, ESA, CTA, Threat-Grid , Stealthwatch, Umbrella, SecureX, OSQuery, Threat-Quotient, MISP, Recorded-Future, Volatility, Powershell, Wireshark, Encase, Tableau, TheHive

Must have Experience with Log Analysis (System, Firewall, Application)

Good technical skills in a variety of operating system, languages, and databases

Experience with any of the following - Go, Java, JavaScript, SQL, MySQL, STIX/TAXII, MITRE ATT&CK

Certifications GSEC, GCIA, GISF, GCED, GCFA, GCFE, GREM, GCTI, GASF, GCEH, CISSP, CCSP OR SSCP

Cloud experience with AWS or Azure.

Agility and willingness to deal with a high level of ambiguity and change

Flexibility – willingness to pitch in where needed across program and team