Incident Commander, Talos Incident Response - 1380028

What You'll Do
The Cisco Talos Incident Commander will work within established methodologies to perform a variety of Incident Response related activities for Cisco customers this will include emergency response to cyber incidents. It will from time to time also include proactively hunting for adversaries in customer networks, designing and performing Tabletop Exercises, and performing IR Readiness Assessments. Some other responsibilities include:

• Leading and working on projects that will support tactical and strategic business objectives.
• Demonstration of leadership abilities, clear and concise communication with a variety of stakeholders, ability to lead during a crisis
• Agility to adapt to changing environments, and a strong comprehension of malware, emerging threats and calculating risk will be critical to success.
• Respond to global cyber incidents caused by internal and external threats to our customers, that may involve nontraditional working hours.
• Demonstrate capability to map technical findings to business impacts and communicate those in a manner which is understandable by a non-technical audience.
• Be able to scope an incident, gain consensus on objectives with customers, and lead a team of incident response consultants during an emergency engagement.
• Design, lead and participate in Table-Top Exercises with customers
• Proactively hunt for adversaries on customer networks leveraging a variety of tools and techniques
• Lead and perform Incident Response Readiness Assessments for customers
• Draft communications, assessments, and reports that may be both internal and customer facing, to include leadership and executive management
• Understanding of different attacks and how best to design custom detection, containment, and remediation plans for customers
• Serve as a liaison to different businesses and work with fellow team members and colleagues on other security teams. As-needed, manage relationships with business partners, management, vendors, and external parties
• Develop and document processes to ensure consistent and scalable response operations
• Demonstrate industry leadership through blog posts and public speaking at conferences and events

Who You Are
Required Skills:

• Bachelors' Degree in Computer Science or a related technical degree; or, equivalent industry experience.
• Minimum 5 years of experience in information security and 4 years of experience handling incidents
• Ability to be on-call and work off-shift hours, to include nights, weekends, and holidays
• Industry certifications such as the CISSP, CISM, CISA, GCIH, CFCE, GFCA, and/or GCFE
• Willing to travel with less than 24-hour notice, up to 35% of the time
• Can clearly communicate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle.
• Detailed understanding of current cyber security threats, attacks, and countermeasures. Such as Advanced Persistent Threat (APT), Cyber Crime, Hacktivism and associated tactics
• Strong track record of understanding and interest in recognized IT Security-related standards and technologies, demonstrated through training, job experience and/or industry activities.
• Specialize in host centric analysis utilizing a variety of tools (e.g. F-Response, X-Ways, Volatility, Cisco AMP, etc...)

We Are Cisco
#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.
We embrace digital, and help our customers implement change in their digital businesses. Some may think we're "old" (36 years strong) and only about hardware, but we're also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do - you can't put us in a box!
But "Digital Transformation" is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)
Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA.) We take accountability, bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward.
So, you have colorful hair? Don't care. Tattoos? Show off your ink. Like polka dots? That's cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!
Cisco COVID-19 Vaccination Requirements
The health and safety of Cisco's employees, customers, and partners is a top priority. Our goal is to protect and mitigate the spread of COVID-19 infection for strong business resiliency during the pandemic. Therefore, Cisco may require new hires to be fully vaccinated against COVID-19 if the role requires business-related travel, meeting with customers/partners (including visiting third-party sites on behalf of Cisco), attending trade events, and Cisco office entry, unless otherwise prohibited by applicable law, and in countries where COVID-19 vaccination is legally required. The company will consider legally required accommodations/exceptions for medical, religious, and other reasons as per the requirements of the role and in accordance with applicable law. Additional information will be provided to candidates about the requirements and accommodation process at the offer time based on region.