Cisco Cyber Security Investigator in Tokyo, Japan

Additional Location(s) or Information:
Job Category: Research
Level of Experience: Experienced - Non Manager
Requisition #: R1019659

Description: The Information Security Investigator has a deep technical understanding of the Cisco Managed Security Services (MSS) technologies: intrusion analysis, anomalous behavior analysis, and threat intelligence. This senior role is entrusted with closely advising Clients on threats and breaches, and must have the ability to lead and direct Security Analysts and fellow Investigators. The Investigator is required to maintain a thorough understanding of the Customer environment and reflect that knowledge in Customer tickets, guidance to staff, and Customer briefings. The Investigator will remain up-to-date on active security threats and events across all sectors, with specific focus on the Customer sectors: financial, retail, medical, and energy. The Investigator will work an assigned shift and is required to be present physically and via secure messaging such as Webex, Telepresence and Cisco Jabber. Constant interaction with the SOC staff is required.

Security Investigator Duties

- Conduct in-depth investigations into security breaches using all available tools within the Customer environment, Cisco, and online:
  - Review device logs, full packet capture, and all forms of telemetry; interpret data
  - Conduct online forensic investigations of devices (UNIX, Windows hosts and other platforms)
  - Interview personnel to obtain information related to the investigation
  - Maintain up-to-date information in a secure case management system
- Identify, advise and implement incident mitigation actions, using the following tools:
  - Null routing, Firewall ACL changes, DNS RPZ
  - Next-Generation IPS, Web Security and Email Security
  - Endpoint and Network Advanced Malware Protection systems
  - Account disabling and application offlining
- Resolve cases escalated from Security Analysts (either as an escalated ticket to the customer or by resolving as a false positive)
- Resolve cases dispatched from Customers, maintaining daily dialog with the Customer on the case until resolved
- Effect resolution by driving coordination across infrastructure, law enforcement, human resources, legal, and lines of business
- Vigilantly protect Customer data, ensuring proper handling and protection electronically, physically, and verbally
- Ensure the assigned shift is covered personally or attended by an alternate Investigator
- Share incidents and intelligence via conference presentations, intelligence exchanges, informal mailing lists, and social media
- Mentor Analysts in investigative skills and customer communications
- Maintain quality assurance for all processes
- Conduct threat research to determine how Clients are affected by threats

Technical Skills

- Detailed understanding of the TCP/IP protocol suite
- System Administrator-level expertise in multi-user operating systems, including Unix flavors and Microsoft Windows
- Demonstrated expertise in current modern security attacks and threats
- Demonstrated expertise in malware analysis, categorization, and attribution:
  - Sandboxing technologies and products, commercial and open source
  - Malware reverse-engineering and disassembly skills a plus
- Understanding of security incidents involving alternate OSs, including Android and iOS
- Experience in scripting in one or more languages: shell, perl, python, or PHP
- Experience with virtualization technologies, including VMWare, OpenStack, and other hypervisors
- General Cisco network security product and technology knowledge:
  - Firewalls, Intrusion Prevention Systems, Web and Email Security
  - Route and switch infrastructure
  - Network security configuration and troubleshooting
  - Non-Cisco product and technology knowledge a plus

Desired Education and Certifications

- BA/BS degree with 8-10 years of IT and/or security experience
- Incident Response and SOC experience a plus
- Cisco Next-generation IPS product certifications:
  - Sourcefire Certified Expert (SFCE) a plus
  - Sourcefire AMP Endpoint Specialist a plus
- Industry certifications such as CISSP, SANS GCIH
- Cisco network certifications, such as CCNA, CCDA, or CCSP, a plus
- Experience with Snort or other intrusion detection tools
- Experience with NetFlow telemetry and malware traffic analysis tools
- Experience with full-packet capture tools
- Experience with anomaly detection tools
- Familiarity with the latest malicious code trends, including experience with exploits, exploit kits and malware
- Own security research, presentations and publications a plus

Additional Skills

- Mentoring experience
- Excellent English, verbal and written
- Strong teamwork
- Demonstrated customer service, communications and troubleshooting skills
- Proven crisis management skills
- Experience with operations processes, such as ITIL, CMM, or Six Sigma

Job Type: Experienced
Opportunity Category: Security
