Cyber Security Investigator (IT)

  • Location:
  • Area of Interest
    Engineer - Software
  • Job Type
  • Technology Interest
  • Job Id

What you’ll do

This is an opportunity to contribute to a highly visible security operations function with global impact upon Cisco, it's diversified business, business units, service ventures, partners, and customers.


Main accountabilities include:

  • Incorporate investigative and analyst requirements into CSIRT operational strategies
  • Research, deploy, and automate new detection and investigative capabilities to support business objectives related to security detection and response.
  • Develop roadmaps for CSIRT capabilities.
  • Integrate automation as a fundamental design principle into new and existing solutions.
  • Develop documentation on all custom solutions.
  • Identify and provide useful data to key external partners to influence strategic security decisions.
  • Participate in a follow-the-sun on-call rotation.


Who you’ll work with

The Cisco CSIRT forms part of the investigative branch of Cisco's Security and Trust Organization (S&TO), and is Cisco's cyber monitoring, investigations, and forensics team. 

CSIRT provides Cisco with tailored security monitoring services in order to protect Cisco from cyber-attacks and the loss of its intellectual assets. 

The primary mission of CSIRT is to help ensure company, system, and data preservation by performing comprehensive investigations into computer security incidents, and to contribute to the prevention of such incidents by engaging in proactive threat assessment, mitigation planning, incident trend analysis, and security architecture review. 

The CSIRT investigators are a highly-functioning, diverse, and globally distributed group of seasoned professionals from various technical backgrounds. We're Open Source Software contributors, technical authors, tool builders, DFIR community members, and lock pickers.


Who you are

CSIRT is looking for an experienced security professional to join the CSIRT security investigations team. Seasoned system, network, and database administrators make great security investigators. We are looking for a motivated self-starting individual with a good cultural fit.

The minimum requirements for the role are:

  • You will have vast experience in security investigations and analysis
  • Hands on Azure and O365 investigations and forensics experience.
  • Good technical skills in a variety of operating system, Web platforms, applications, databases and big data storage frameworks.
  • Scripting/coding abilities, PowerShell preferred, alternatively, Python, GO, C++, Perl, Java
  • Good communication (verbal and written) skills
  • Global teaming skills and ability to focus the team to deliver to tight timelines.
  • Flexibility – willingness to pitch in where needed across program and team
  • Agility and willingness to deal with a high level of ambiguity and change

Desirable skills:

  • Infrastructure-as-a-Service platforms (OpenStack, Amazon Web Services, RackSpace, VMware, Docker, etc.)
  • Good experience developing customized signatures & IoCs
  • A deep understanding of networking and core Internet protocols
  • TCP/IP, DNS, SMTP, HTTP, and distributed networks).
  • Hands on device (mobile/endpoint/server/network) forensics expertise.
  • Deployment and data analytics experience using OSQuery on Linux/Macs/Windows).
  • Experience with Linux/UNIX/Windows systems and the best practices for deploying applications to those stacks.


Why cisco

We connect everything: people, processes, data, and things. We innovate everywhere, taking bold risks to shape the technologies that give us smart cities, connected cars, and handheld hospitals. And we do it in style with unique personalities who aren’t afraid to change the way the world works, lives, plays and learns.

We are thought leaders, pop culture aficionados, and we even have a few purple haired rock stars. We celebrate the creativity and diversity that fuels our innovation. We are dreamers and we are doers.

We Are Cisco.