The Cisco Talos Incident Response Consultant will work within established methodologies to perform a variety of incident response-related activities for Cisco customers. This will include emergency response to cyber incidents, proactively hunting for adversaries in customer networks, designing and performing tabletop exercises, performing IR Readiness Assessments, and delivering an immersive cyber range workshop. The Incident Response Consultant will also be responsible for leading and working on projects that will support tactical and strategic business objectives. An ideal candidate should demonstrate leadership abilities, clear and concise communication with a variety of stakeholders, an ability to lead during a crisis, personal agility to adapt to changing environments, and a strong comprehension of malware, emerging threats and calculating risk.
When you work with us, you’ll be part of a global team of highly empowered incident response and cyber threat intelligence professionals who work as a collaborative team focused on helping our clients be both better prepared to defend against adversaries on their network, as well as responding to active incidents within their network.
Both your clients and your colleagues consider you a charismatic, articulate individual, and a born diplomat. You check your ego at the door and learn from others constantly, while also helping to educate those who aren’t as well versed as you are in technical or procedural topics. As a result, you have a track record of working tirelessly to help your clients and teammates and have even come up with some novel techniques in your time.
Respond to global cyber incidents caused by internal and external threats to our customers, that may involve nontraditional working hours.
Must be willing to routinely travel with less than 24-hour notice, up to 35% of the time.
Can clearly communicate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle.
Demonstrate capability to map technical findings to business impacts and communicate those in a manner that is understandable by a non-technical audience.
Be able to scope an incident, gain consensus on objectives with customers, and lead a team of incident response consultants during an emergency engagement.
Specialize in host-centric analysis utilizing a variety of forensic tools (e.g. F-Response, X-Ways, Volatility, Cisco AMP, etc…).
Specialize in network forensic analysis with a strong understanding of network protocols.
Design, lead and participate in tabletop exercises with customers.
Proactively hunt for adversaries on customer networks leveraging a variety of tools and techniques.
Lead and perform Incident Response Readiness Assessments for customers.
Draft communications, assessments and reports that may be both internal and customer-facing, to include leadership and executive management.
Understanding of different attacks and how best to design custom detection, containment, and remediation plans for customers.
Serve as a liaison to different businesses and interface with fellow team members and colleagues on other security teams. As needed, manage relationships with business partners, management, vendors, and external parties.
Lead projects as directed.
Be a champion for the process. Develop and document processes to ensure consistent and scalable response operations.
Demonstrate industry leadership through blog posts and public speaking at conferences and events.
Bachelors’ Degree in Computer Science or a related technical degree or equivalent industry experience.
Minimum five years of experience in information security and four years of experience handling incidents.
Must be willing to be on-call and work off-shift hours, including nights, weekends and holidays.
Detailed understanding of current cybersecurity threats, attacks and countermeasures, such as Advanced Persistent Threats (APTs), cyber crime, hacktivism and associated tactics.
Strong track record of understanding and interest in recognized IT security-related standards and technologies, demonstrated through training, job experience and/or industry activities.
Industry certifications such as the CISSP, CISM, CISA, GCIH, CFCE, GFCA, and/or GCFE.
We always strive to do the right thing, for our team, for our customers, and for the world!