The Information Security Investigator has a deep technical understanding of the Cisco Managed Security Services (MSS) technologies: intrusion analysis, anomalous behavior analysis, and threat intelligence. This senior role is entrusted with closely advising Clients on threats and breaches, and must have the ability to lead and direct Security Analysts and fellow Investigators. The Investigator is required to maintain a thorough understanding of the Customer environment and reflect that knowledge in Customer tickets, guidance to staff, and Customer briefings. The Investigator will remain up to date on active security threats and events across all sectors, with specific focus on Customer sectors: financial, retail, medical, and energy. The Investigator will work an assigned shift and is required to be present both physically and via secure collaboration tools such as Webex, TelePresence and Cisco Jabber. Constant interaction with the SOC staff is required.
Main Responsibilities:
Conduct in-depth investigations into security breaches using all available tools within Customer environment, Cisco, and online:
- Review device logs, full packet capture, and all forms of telemetry, interpret data
- Conduct online forensic investigations of devices (UNIX, Windows hosts and other platforms)
- Interview personnel to obtain information related to investigation
- Maintain up-to-date information in a secure case management system
- Identify, advise on and implement incident mitigation actions, using the following tools:
  - Null routing, firewall ACL changes, DNS RPZ
  - Next-Generation IPS, Web Security and Email Security
  - Endpoint and Network Advanced Malware Protection systems
  - Account disabling and application offlining
- Resolve cases escalated from Security Analysts (either by escalating a ticket to the Customer or by closing the case as a false positive)
- Resolve cases dispatched from Customers, maintain daily dialog with Customer on case until resolved
- Effect resolution by driving coordination across infrastructure, law enforcement, human resources, legal, and lines of business
Vigilantly protect Customer data, ensuring proper handling and protection electronically, physically, and verbally
Ensure assigned shift is covered personally or attended by an alternate Investigator
Share incidents and intelligence via conference presentations, intelligence exchanges, informal mailing lists, and social media
Mentor Analysts in investigative skills and customer communications
Maintain quality assurance for all processes
Conduct threat research to determine how Clients are affected by threats
Technical Skills:
- Detailed understanding of the TCP/IP protocol suite
- System Administrator-level expertise in multi-user operating systems including Unix flavors and Microsoft Windows
- Demonstrated expertise in current modern security attacks and threats
- Demonstrated expertise in malware analysis, categorization, and attribution:
  - Sandboxing technologies and products, commercial and open source
  - Malware reverse-engineering and disassembly skills a plus
- Understanding of security incidents involving alternate OSs including Android and iOS
- Experience in scripting in one or more languages: shell, perl, python, or PHP
- Experience with virtualization technologies including VMware, OpenStack, or other hypervisors
- General Cisco network security product and technology knowledge:
  - Firewalls, Intrusion Prevention Systems, Web and Email Security
  - R&S (routing and switching) infrastructure
  - Network security configuration and troubleshooting
Desired Education and Certifications:
- BA/BS degree with 8-10 years of IT and/or security experience (Incident Response Team and SOC experience a plus)
- Industry certifications such as CISSP, SANS GCIH would be a plus
- Cisco network certifications, such as CCNA, CCDA, or CCSP a plus
- Experience with Snort or other intrusion detection tools
- Experience with NetFlow telemetry and malware traffic analysis tools
- Experience with full-packet capture tools
- Experience with anomaly detection tools
- Familiarity with the latest malicious code trends, including experience with exploits, exploit kits and malware
Additional Skills:
- Mentoring experience
- Excellent English, verbal and written
- Strong teamwork
- Demonstrated Customer Service, communications and troubleshooting skills
- Proven crisis management skills
- Experience with operations processes, such as ITIL, CMM, or Six Sigma
What We Offer:
- Attractive Salary based on B2B or employment contract
- Enthusiastic and positive work atmosphere
- Daily work with the best IT specialists in an international environment, for one of the Best Employers in Poland, with people from all around the world
- Private healthcare (Medicover) and MultiSport card
- E-learning platform
- Internal trainings, coaching and mentoring
- Possibility of changing position, department, gaining new knowledge and experience
- Healthy, comfortable and challenging environment
- Working in the Cisco office, with two cafeterias, summer gardens, an outdoor ping-pong table, Xbox and board games in creativity rooms, massage chairs, table football and more
Get to know ManpowerGroup
ManpowerGroup, a global leader in innovative workforce solutions, has supported its clients and candidates in Poland since 2001. In Poland, ManpowerGroup has 40 agencies and is present in 25 cities across the country. The organization offers unique services for companies and candidates through ManpowerGroup™ Solutions, Manpower® and Experis™. ManpowerGroup's services in Poland include temporary work, permanent recruitment and employee competency assessment, external employment, process outsourcing, HR consulting, career management and outplacement.