Cisco Careers

Meet the Team

The Security Operations Center (SOC) Security Investigator is responsible for investigating and responding to security issues within customer environments. Cisco Managed Security Services is looking for a Security Investigator who can analyze security events generated from network analytics, endpoint protection, and other security suites to determine the severity and outcome of any threats detected. The Security Investigator will provide remediation actions to the client based on the impact of these threats up to and including taking proactive responses for high priority events.

You must be able to accurately identify and prioritize events, translate technical solutions for an audience of varying technical knowledge, and make customer impacting recommendations with the goal of ensuring customer satisfaction.  l>

Your Impact

• Take ownership of and conduct in-depth investigations into security events
• Document security investigations in a clear and concise manner
• Ensure that incoming client requests are addressed and worked in a timely manner
• Assist clients to address security incidents in an expedited manner
• Proactively hunt for suspicious or malicious activity not detected via automated alerts
•  Work as a member of a team to prioritize incoming automated security events based on the impact and urgency of the events
• Provide knowledge sharing with the rest of the team
• Utilize threat intelligence to enrich and qualify security events
• Maintain knowledge of new tactics, techniques and procedures (TTP) in customer verticals
• Identify processes and procedures that are candidates for automation

Minimum Qualifications 

• Relevant degree in a technical field (Computer Science / Computer Engineering / Cybersecurity / Computer Networking) or related discipline with 9+ years equivalent experience
• Familiarity with incident handling, incident response frameworks, guidelines, and best practices (NIST, ISO, etc.)  
• Passion for IT Security and staying up-to-date with current TTP's
• Experience with threat intelligence and open source threat intelligence
• Knowledge of enterprise network and computer environments and the common protocols and applications in these environments

Preferred Qualifications 

• Suggested certifications (OSCP, Sec+, CCIE - Security , CySA+, CCNA CyberOps, GCIH, GCIA, GCFA, GCFE, CEH)
• Working knowledge of Splunk admin and play book tuning 
• Familiarity with MITRE ATT&CK framework
• Experience with a scripting/automation language (Python, BASH)

#WeAreCisco where every individual brings their unique skills and perspectives together to pursue our purpose of powering an inclusive future for all.

Our passion is connection—we celebrate our employees’ diverse set of backgrounds and focus on unlocking potential. Cisconians often experience one company, many careers where learning and development are encouraged and supported at every stage. Our technology, tools, and culture pioneered hybrid work trends, allowing all to not only give their best, but be their best.

We understand our outstanding opportunity to bring communities together and at the heart of that is our people. One-third of Cisconians collaborate in our 30 employee resource organizations, called Inclusive Communities, to connect, foster belonging, learn to be informed allies, and make a difference. Dedicated paid time off to volunteer—80 hours each year—allows us to give back to causes we are passionate about, and nearly 86% do!

Our purpose, driven by our people, is what makes us the worldwide leader in technology that powers the internet. Helping our customers reimagine their applications, secure their enterprise, transform their infrastructure, and meet their sustainability goals is what we do best. We ensure that every step we take is a step towards a more inclusive future for all. Take your next step and be you, with us!