Security Investigator
Ref No.: 18-05325
Location: RTP, North Carolina
The Information Security Investigator has a deep technical understanding of the Managed Security Services (Client) technologies: intrusion analysis, anomalous behavior analysis, and threat intelligence. This role is entrusted with closely advising clients of threats and breaches, and must have the ability to lead and direct security analysts and fellow investigators. The investigator is required to maintain an intimate understanding of the customer environment and reflect such knowledge in. The investigator will remain up to date on active security threats and events across all sectors, with specific focus on customer sectors, namely financial, retail, medical, and energy. The investigator will work an assigned shift and is required to be present both physically and via secure messaging such as IRC and Cisco Jabber; constant interaction with the SOC staff is required.

Conduct in-depth investigations into security breaches at customer sites using all available tools within the customer environment, Cisco, and online.
◦ Resolve cases escalated from security analysts (either as an escalated ticket to the customer or resolved as a false positive)
◦ Resolve cases dispatched from customers (CAT6); maintain daily dialog with the customer on the case until resolved
◦ Review device logs, packet capture, and all forms of telemetry; interpret data
◦ Conduct online forensic investigations of devices (routers, switches, UNIX and Windows hosts)
◦ Interview personnel to obtain information related to the investigation
◦ Maintain up-to-date information in secure case management system
◦ Identify and implement incident mitigation, including null routing, ACL changes, DNS poisoning, account disabling, application offlining, etc.
◦ Effect resolution by driving coordination across infrastructure, law enforcement, human resources, legal, and lines of business
Vigilantly protect customer data, ensuring proper handling and protection electronically, physically, and verbally
Ensure assigned shift is covered personally or attended by an alternate investigator
Share incidents and intelligence via conference presentations, intelligence exchanges, informal mailing lists, and social media
Mentor analysts in investigative skills and customer communications
Maintain quality assurance for all MTD processes
Conduct threat research to determine how clients are affected by threats

Minimum Qualifications
The successful candidate will have an operational knowledge of Cisco's infrastructure and core security technologies, demonstrating experience in system or network administration.

Candidates must demonstrate strong adherence to quality processes in their work history, have experience working in global support and high-pressure environments, and be willing to work off-hours and accommodate rotational work and case handling.

Required skills include:
Detailed understanding of the TCP/IP protocol suite
System administrator-level expertise in multi-user operating systems including Unix variants and Microsoft Windows
Demonstrated expertise in modern security attacks and threats, including the attack chain
Demonstrated expertise in malware analysis, categorization, and attribution (malware reversal and disassembly skills a plus)
Strong understanding and experience with security incidents involving alternate OSs including Android and iOS
Experience scripting in one or more of the following languages: shell, perl, python, or PHP
A detailed understanding of the common technologies found in enterprise IT environments including datacenter and Internet edge technologies
Experience troubleshooting network security for enterprise customers
Experience with virtualization technologies including VMware, OpenStack, and various hypervisors
Ability to do basic configuration and troubleshooting
Cisco networking technologies: ASA, IPS, WSA, Client, VPN
Detailed knowledge of Cisco IOS
Experience with troubleshooting and investigating device and networking issues
Ability to analyze, use, and configure small to medium networks
Proven crisis management skills

Desired Skills
BA/BS degree with 8-10 years of IT and/or security experience
Sourcefire Certified Expert (SFCE)
Familiar with the latest malicious code trends, including experience with exploits and malware
Demonstrated customer service, communication, and troubleshooting skills
Industry certifications such as CISSP, SANS GCIH
Cisco network certifications, such as CCNA, CCDA, or CCSP
Experience with operations processes, such as ITIL, CMM, or Six Sigma
Experience with Snort or other intrusion detection tools
Experience with anomaly detection and full-packet capture
Experience with Elasticsearch, NetFlow, SiLK, Solera, and OpenSOC components

Additional Skills
Excellent written communications
Strong teamwork