Incident Response Consultant - 1373487

August 15, 2022 - Issy Les Moulineaux, France or EMEA

We understand from experience that not ticking every box on the skills sections stops many from applying. You should apply if you feel you are the right person for the job and have the ability to learn and deliver results.

What You’ll Do

The Cisco Talos Incident Response Consultant will work with Cisco customers, using established methodologies, to perform a variety of reactive and proactive Incident Response related activities. These may include emergency investigations of cyber incidents, threat intelligence research, proactively hunting for adversaries in customer environments, designing and performing Table-Top Exercises, performing IR Readiness Assessments, and teaching an immersive Cyber Range workshop. The Incident Response Consultant will also be responsible for consulting with customers on projects that will support tactical and strategic Incident Response business objectives.

Cisco Talos Incident Response Consultants will provide verbal and written technical communication concisely to a variety of stakeholders. They must have familiarity with participating in high stress investigations or critical projects, along with an ability to learn new concepts rapidly and process them to create guidance or new instructions for handling an incident.

Who You’ll Work With

When you work with us, you’ll be part of a global team of highly empowered Incident Response and Cyber Threat Intelligence professionals who work as a collaborative team focused on helping our clients be both better prepared to defend against adversaries on their network, as well as responding to active incidents within their network.

Who You Are

Both your clients and your colleagues consider you a charismatic, articulate individual, and a born diplomat. You check your ego at the door and learn from others constantly, while also helping to educate those who aren’t as well versed as you are in technical or procedural topics. As a result, you have a track record of working tirelessly to help your clients and teammates and have even come up with some novel techniques in your time. You are willing to routinely travel with less than 24-hour notice, up to 20% of the time.

Required Skills:

  • Respond to global cyber incidents caused by internal and external threats to our customers, that may involve nontraditional working hours.
  • Understanding of recent adversary attacks and how best to detect, contain, and remediate recent threats.
  • Foundational familiarity and understanding of host centric analysis applying a variety of forensic tools (e.g. EDR, X-Ways, Volatility, Cisco Secure Endpoint, Velociraptor, etc.).
  • Familiarity with network forensic analysis with an understanding of how to leverage network telemetry to assist with an investigation.
  • French & English language expertise
  • Understands, and can clearly communicate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle as it relates to recent known adversary activity.
  • Demonstrate capability to map technical findings to business impacts and communicate those in a manner which is understandable by a non-technical audience.
  • Be able to assist with scoping an incident, gain consensus on objectives with customers, and participate in a team of incident response consultants during an emergency engagement.
  • Familiarity with the theory of threat hunting, and how to proactively hunt for adversaries on customer networks leveraging a variety of tools and techniques.
  • Understand the concept of Table-Top Exercises, and preferably have experience with conducting or participating in Table-Top Exercises previously.
  • Understand the concept of performing Incident Response Readiness Assessments for customers, and an understanding of performing interviews and document review.
  • Familiarity with the process of collaborating on developing written communication of assessments, and reports that may be both internal and customer facing; this includes communication to various levels including technical teams, leadership, and executive management.
  • Serve as a liaison to different businesses and interface with fellow team members and colleagues on other security teams.
  • Participate in IR related consulting projects as directed.
  • Be a contributor to process improvement. Help to develop and document process improvements to ensure efficient, consistent, and scalable consulting operations.
  • Interest in helping to develop public facing material such as blog posts, podcasts, whitepapers, or presentations at conferences.

Desired Characteristics and Experience:

  • Familiarity with current cyber security threats, attacks, and countermeasures, such as Ransomware, Cyber Crime, Hacktivism and associated tactics.
  • Interest in recognized IT Security-related standards and technologies, demonstrated through training, job experience and/or industry activities.
  • Preferred: Prior experience in information security and experience handling or investigating cyber security incidents.
  • Must be willing to be on-call and work off-shift hours, potentially to include nights, weekends, and holidays.

IT Security Certifications

Preferred: Industry certifications such as the CISSP, CISM, CISA, GCIH, CFCE, GCFA, GNFA, and/or GCFE. Certifications are not a requirement for this position. The certifications listed provide examples of the skills required to be successful in the role.

Why Cisco Talos IR

We always strive to do the right thing, for our team, for our customers, and for the world!

Why Cisco

#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.

We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (36 years strong) and only about hardware, but we’re also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!

But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)

Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA.) We take accountability, bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward.

So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!

Cisco Covid-19 Vaccination Requirements

The health and safety of Cisco’s employees, customers, and partners is a top priority. Our goal is to protect and mitigate the spread of COVID-19 infection for strong business resiliency during the pandemic. Therefore, Cisco may require new hires to be fully vaccinated against COVID-19 if the role requires business-related travel, meeting with customers/partners (including visiting third-party sites on behalf of Cisco), attending trade events, and Cisco office entry, unless otherwise prohibited by applicable law, and in countries where COVID-19 vaccination is legally required. The company will consider legally required accommodations/exceptions for medical, religious, and other reasons as per the requirements of the role and in accordance with applicable law. Additional information will be provided to candidates about the requirements and accommodation process at the offer time based on region.

