CISCO Information Security Analysts (Tier 1)

Objective

The Cisco Computer Security Incident response team (CSIRT) at Sykes is part of the Cisco Corporate Security office (CSPO) at Cisco, which is part of the Research Office and Cyber Science Computer Forensics. Their mission is to preserve the security of the information hosted in the Cisco.com network domain, through risk assessment, vulnerability assessment and defense planning. The Tier-1 team at SYKES is responsible for detecting and preventing threads to the network (intranet, extranet, internet), which may include but are not limited to: virus infections, hacking attacks and incorrect use of confidential information and acting effective actions to protect the information.

Responsabilities

  • Proactive network monitoring: The position is responsible for running the different plays (processes) detailed in the Playbook This includes downloading the adequate set of data from the security devices, manipulating and analyzing such data based on defined parameters and on experience to proactively detect potential threads and taking prompt action.
  • Research and analysis: Upon detection of a positive (real) thread the analyst must perform a thorough investigation, which includes consulting several sources of data (which include HTTP, DNS, SSH, Telnet, Active Directory, syslog, 3rd party websites and databases, etc.) to determine category and impact.
  • Effective actions: After thorough investigation the analyst must escalate true positives to next level for further research and remediation actions, following the escalation procedures for specific case types; including a thorough report with his findings and recommendations.
  • Playbook evaluation: The Playbook must be a live document, which needs constant revision and updates to ensure that the different plays are effective to detect threads. Due to this the CSIRT analyst is expected to be critical of the plays and to provide feedback on their effectiveness and detecting and communicating tuning opportunities; considering the fidelity and value of report.
  • Monitoring and on demand support: The analyst is also responsible for monitoring the network security through several tools (Remedy, InfoSec queue, CLIP, RMS) and for providing first level on- demand support, by interacting with different parties to ensure that the reported threads are effectively remediated, complying with security policies and legal requirements; this includes interacting with Cisco IT and with users.
  • Proactive vulnerability scans: Use tools (DLP, Qualys) to scan the network and detect security vulnerabilities and work with system administrators/users in order to fix gaps that could potentially result in threads to the security of information; ensure that data is handled in compliance with government and legal requirements. Analyst is responsible for proactively suggest adjustment of tools filters to ensure effectiveness of detections.
  • Devices Administrator: Responsible for ensuring that the different security monitoring devices deployed through the Cisco network worldwide are functioning correctly. This includes performing configuration changes (optimization), firmware and software upgrades, general maintenance, managing deployment and decommission for IDS, WSA, SF, AMP, UCS and other devices.
  • Given the dynamic environment of cyber security, the analyst is responsible for continuously studying and investigating about network threads and malicious software to ensure that his knowledge is updated. This can be achieved through personal learning and through effective collaboration with other analysts and engineers within the global team.
CISCO Security Analyst

Requirements

  • Advanced English Speaker. Fluent in verbal and written English. High Proficiency level (85%>)Must).
  • Cisco CCNA Modules 3-4 (must).
  • Schedule flexibility (must).
  • At least 1 year of experience in a technical support role (Highly desired).
  • At least 6 months of experience working with networking equipment (preferably with security appliances)
  • Ability to work by objectives and meet deadlines.
  • Self-learner.
  • Experience handling and analyzing large amounts of data from different sources, using MS Excel or similar tools.
  • Student of Information Security or similar. (Desired).
  • Studies in other technical certifications are desired (Microsoft). (Desired).
  • Experience working with several Operating Systems (Windows, Linux). (Desired).
  • Basic knowledge on computer programming languages. (Desired).

Apply Now

Two simple ways to apply: walk in without an appointment during the schedule below, or fill out the form and we’ll contact you shortly.

INTERVIEWING CANDIDATES RIGHT NOW IN
SAN PEDRO: MON-FRI: 8:00AM - 4:00PM (NO APPOINTMENT REQUIRED!)