Incident Response Consultant, Talos Incident Response

October 26, 2020 - Remote - Work from Home, EU

What You’ll Do

The Cisco Talos Incident Response Consultant will work within established methodologies to perform a variety of Incident Response related activities for Cisco customers. This will include emergency response to cyber incidents, proactively hunting for adversaries in customer networks, designing and performing Table-Top Exercises, performing IR Readiness Assessments, and delivering an immersive Cyber Range workshop. This Consultant will also be responsible for leading and working on projects that will support tactical and strategic business objectives. Demonstration of leadership abilities, clear and concise communication with a variety of partners, ability to lead during a crisis, personal agility to adapt to changing environments, and a strong comprehension of malware, emerging threats and calculating risk will be critical to success.

Who You’ll Work With

When you work with us, you’ll be part of a global team of highly empowered Incident Response and Cyber Threat Intelligence professionals who work as a collaborative team passionate about helping our clients both be better prepared to defend against adversaries on their network and respond to active incidents within their network.

Who You Are

Both clients and your colleagues consider you a charismatic, articulate individual, and a born diplomat. You check your ego at the door and learn from others constantly, while also helping to educate those who aren’t as well versed as you are in technical or procedural topics. As a result, you have a track record of working diligently to help your clients and teammates and have even come up with some novel techniques in your time.

Required Skills:

- Respond to global cyber incidents caused by internal and external threats to our customers, which may involve nontraditional working hours.
- Willing to routinely travel with less than 24-hour notice, up to 35% of the time.
- Can clearly communicate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle.
- Demonstrate capability to map technical findings to business impacts and communicate those in a manner which is understandable by a non-technical audience.
- Be able to scope an incident, gain consensus on objectives with customers, and lead a team of incident response consultants during an emergency engagement.
- Specialize in host-centric analysis utilizing different forensic tools (e.g. F-Response, X-Ways, Volatility, Cisco AMP, etc.).
- Specialize in network forensic analysis with a solid understanding of network protocols.
- Design, lead and participate in Table-Top Exercises with customers.
- Proactively hunt for adversaries on customer networks leveraging a variety of tools and techniques.
- Lead and perform Incident Response Readiness Assessments for customers.
- Draft communications, assessments, and reports that may be both internal and customer facing, to include leadership and executive management.
- Understanding of different attacks and how best to design custom detection, containment, and remediation plans for customers.
- Serve as a liaison to different businesses and work with fellow team members and colleagues on other security teams.
- As needed, maintain relationships with business partners, management, vendors, and external parties.
- Lead projects as directed.
- Be a champion for the process. Develop and document processes to ensure consistent and scalable response operations.
- Demonstrate industry leadership through blog posts and public speaking at conferences and events.
- Bachelor’s Degree in Computer Science or a related technical degree; or, equivalent industry experience.
- 5+ years of experience in information security and 4 years of experience handling incidents.
- Must be willing to be on-call and work off-shift hours, to include nights, weekends, and holidays.

Desired Characteristics:

- Detailed understanding of current cyber security threats, attacks, and countermeasures, such as Advanced Persistent Threat (APT), Cyber Crime, Hacktivism and associated tactics.
- Strong track record of understanding and interest in recognized IT Security-related standards and technologies, demonstrated through training, job experience and/or industry activities.
- IT Security Certifications: industry certifications such as the CISSP, CISM, CISA, GCIH, CFCE, GCFA, GNFA, and/or GCFE.

Why Cisco Talos IR

We always strive to do the right thing, for our team, for our customers, and for the world!

We Are Cisco

#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference. Here’s how we do it.

We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (30 years strong!) and only about hardware, but we’re also a software company. And a security company. An AI/Machine Learning company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!

But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)

Day to day, we focus on the give and take. We give our best, we give our egos a break and we give of ourselves (because giving back is built into our DNA.) We take accountability, we take bold steps, and we take difference to heart. Because without diversity of thought and a commitment to equality for all, there is no moving forward.

So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool.