Information Security Investigations Manager - Security/Managed Services

  • Location:
    London, England, United Kingdom
  • Area of Interest
    Professional Services

What You’ll Do

- Receive and respond to client emails regarding security incidents and queries.

- Cultivate intimate knowledge of clients through regular engagement and intrusion analysis of the client environment and sector.

- Own and drive resolution between SOC staff and the client, including security incidents and device faults.

- Manage SOC knowledge of changes to the customer environment, including documentation.

- Participate in the 24x7x365 on-call rotation for IMs.

- Research and observe trends at client sites; provide reports and presentations to clients representing trends and incidents.

- Share incidents and intelligence via conference presentations, intelligence exchanges, informal mailing lists, and social media.

- Mentor investigators and analysts in investigative skills and customer engagements.

- Vigilantly protect customer data, ensuring proper handling and protection electronically, physically, and verbally.

- Publish security advisory notifications to customers.

- Conduct quality assurance for all MSS processes.

- Conduct threat research, including how it affects clients.

- Conduct live (online) forensic investigations of devices (routers, switches, UNIX and Windows hosts).

- Review device logs, packet captures, and all other forms of telemetry; interpret the data.

- Interview personnel to obtain information related to an investigation.

- Maintain up-to-date information in the secure case management system.

- Identify and implement incident mitigations, including null routing, ACL changes, DNS sinkholing, account disabling, taking applications offline, etc.

- Effect resolution by driving coordination across infrastructure, law enforcement, human resources, legal, and lines of business.


Who You’ll Work With

The Information Security Investigations Manager (IM) is the senior technical resource for the Cisco Advanced Threat Analytics (ATA) Service. This position requires the IM to direct and mentor Security Operations Center (SOC) staff, operate across the ATA team to drive requirements for analytics, and work side by side with the ATA Engagement Manager to deliver the service. The IM engages directly with customers on a daily basis and leads the technical aspects of the service by maintaining relationships with customer peers. The IM also leads cross-functional research and development initiatives for the ATA service.


Who You Are

The Information Security Investigations Manager (IM) has a deep technical understanding of Managed Security Services (MSS) technologies: intrusion analysis, anomalous behavior analysis, and threat intelligence. The role holds a leadership position engaging clients and must be able to lead and direct co-workers who are not direct reports. The IM is required to stay abreast of changes in the customer environment and to communicate those changes effectively to SOC staff. The IM will remain up to date on active security threats and events across all sectors, with specific focus on the assigned customer sector. The IM will also be part of an on-call rotation to cover after-hours customer response and SOC escalation. Constant interaction with client teams and internal teams is required.


Required Skills:

- Detailed understanding of the TCP/IP protocol suite

- System administrator-level expertise in multi-user operating systems, including Unix variants and Microsoft Windows

- Demonstrated expertise in modern security attacks and threats, including the attack chain

- Demonstrated expertise in malware analysis, categorization, and attribution (malware reversal and disassembly skills a plus)

- Strong understanding of and experience with security incidents involving alternative OSs, including Android and iOS

- Experience scripting in one or more of the following languages: shell, Perl, Python, or PHP

- Detailed understanding of the common technologies found in enterprise IT environments, including datacenter and Internet edge technologies

- Experience troubleshooting network security for enterprise customers

- Experience with virtualization technologies, including VMware, OpenStack, and various hypervisors

- Ability to conduct basic configuration and troubleshooting of IT systems

- Strong understanding of Cisco networking technologies: ASA, IPS, WSA, ACS, VPN

- Strong understanding of Cisco IOS


Desired Qualifications and Skills

- BA/BS degree with proven IT and/or security experience

- Sourcefire Certified Expert (SFCE)

- Familiarity with the latest malicious code trends, including experience with exploits and malware

- Demonstrated customer service, communication, and troubleshooting skills

- Industry certifications such as CISSP or SANS GCIH

- Cisco network certifications, such as CCNA, CCDA, or CCSP

- Experience with operations processes, such as ITIL, CMM, or Six Sigma

- Experience with Snort or other intrusion detection tools

- Experience with anomaly detection and full-packet capture

- Experience with Elasticsearch, NetFlow, SiLK, Solera, and OpenSOC components


Why Cisco

We connect everything: people, processes, data, and things. We innovate everywhere, taking bold risks to shape the technologies that give us smart cities, connected cars, and handheld hospitals. And we do it in style with unique personalities who aren’t afraid to change the way the world works, lives, plays and learns. We are thought leaders, tech geeks, pop culture aficionados, and we even have a few purple haired rock stars. We celebrate the creativity and diversity that fuels our innovation. We are dreamers and we are doers. We Are Cisco.


We connect everything - people, process, data and things. We innovate everywhere to create fresh ideas and possibilities. We make a meaningful difference that will benefit everyone - our people, our customers and the world around us.

Our technology changes the way the world works, lives, plays and learns. But our edge doesn't come from technology. It comes from our people. We're looking for the kind of people who take smart risks, thrive in diverse environments, inspire their colleagues, and are committed to having an impact on the world. Whether you create technology solutions that redefine business or build connections that strengthen the community, you can make it happen at Cisco!
