Senior Incident Response Consultant - 1383649

February 05, 2023 - Remote (based in Italy or EU)

What You’ll Do

The Cisco Talos Senior Incident Response Consultant will work with Cisco customers, using established methodologies, to perform a variety of reactive and proactive Incident Response related activities. These may include emergency investigations of cyber incidents, threat intelligence research, proactively hunting for adversaries in customer environments, designing and performing Table-Top Exercises, performing IR Readiness Assessments, and teaching an immersive Cyber Range workshop. The Senior Incident Response Consultant will also be responsible for leading and working on projects that will support tactical and strategic business objectives for customers. The role calls for demonstrated leadership abilities, clear and concise communication with a variety of customers and internal teams, the ability to lead during a crisis, personal agility to adapt to changing environments, and a strong comprehension of adversary behavior, malware, emerging threats, and calculating risk.

Who You’ll Work With

When you work with us, you’ll be part of a global team of highly empowered Incident Response and Cyber Threat Intelligence professionals who work as a collaborative team focused on helping our clients both be better prepared to defend against adversaries on their network and respond to active incidents within their network.

Who You Are

Both your clients and your colleagues consider you a personable, articulate individual, and a born diplomat. You learn from others constantly, while also helping to educate those who aren’t as well versed as you are in technical or procedural topics. As a result, you have a track record of working diligently to help your clients and teammates. You are willing to routinely travel with less than 24-hour notice, up to 20% of the time.

Required Skills

Investigate and respond to global cyber incidents caused by internal and external threats to our customers, which may involve out-of-hours working.

  • Can clearly communicate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle.
  • Familiarity with the MITRE ATT&CK framework, and how this can be used to translate findings into intelligence and countermeasures.
  • Demonstrate capability to map technical findings to business impacts and communicate those in a manner which is understandable by a non-technical audience.
  • Working capability or expertise in host-centric analysis using a variety of forensic tools (e.g. EDR, X-Ways, Volatility, Cisco Secure Endpoint, Velociraptor, etc.).
  • Working capability or expertise with network forensic analysis with an understanding of how to use network telemetry to assist with an investigation.
  • Be able to scope an incident, gain consensus on objectives with customers, and lead a team of incident response consultants during an emergency engagement.
  • Ability to craft, lead, and participate in Incident Response Table-Top Exercises with customers.
  • Comfort with conducting proactive threat hunting for adversaries on customer environments, demonstrating a variety of tools and techniques.
  • Lead and perform Incident Response Readiness Assessments for customers.
  • Collaboratively draft communications, assessments, and reports that may be both internal and customer facing.
  • Understanding of different attacks and how best to design custom detection, containment, and remediation plans for customers.
  • Will serve as a liaison to different customers and collaborate with fellow team members and colleagues on other security teams. As needed, work with business partners, management, vendors, and external parties.
  • Demonstrate industry leadership through blog posts and public speaking at conferences and events.
  • Bachelor’s Degree in Computer Science or a related technical degree; or equivalent industry experience.
  • Minimum 5 years of experience in information security and 4 years of experience handling incidents.
  • Must be willing to be on-call and work off-shift hours, to include nights, weekends, and holidays.

Desired Characteristics

  • Detailed understanding of current cyber security threats, attacks, and countermeasures, such as ransomware, cyber crime, hacktivism, and associated tactics.
  • Strong track record of understanding and curiosity about recognized IT Security-related standards and technologies, demonstrated through training, job experience and/or industry activities.

IT Security Certifications

Industry certifications such as the CISSP, CISM, CISA, GCIH, CFCE, GCFA, GNFA, and/or GCFE.

Why Cisco Talos IR

We always strive to do the right thing, for our team, for our customers, and for the world!

Why Cisco

At Cisco, each person brings their unique talents to work as a team and make a difference.

Yes, our technology changes the way the world works, lives, plays and learns, but our edge comes from our people.

We connect everything – people, process, data and things – and we use those connections to change our world for the better.

We innovate everywhere - From launching a new era of networking that adapts, learns and protects, to building Cisco Services that accelerate businesses and business results. Our technology powers entertainment, retail, healthcare, education and more – from Smart-Cities to your everyday devices.

We benefit everyone - We do all of this while striving for a culture that empowers every person to be the difference, at work and in our communities.

Colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Be you, with us! #WeAreCisco

Cisco is an equal opportunity employer.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Cisco Covid-19 Vaccination Requirements

The health and safety of Cisco’s employees, customers, and partners is a top priority. Our goal is to protect and mitigate the spread of COVID-19 infection for strong business resiliency during the pandemic. Therefore, Cisco may require new hires to be fully vaccinated against COVID-19 if the role requires business-related travel, meeting with customers/partners (including visiting third-party sites on behalf of Cisco), attending trade events, and Cisco office entry, unless otherwise prohibited by applicable law, and in countries where COVID-19 vaccination is legally required. The company will consider legally required accommodations/exceptions for medical, religious, and other reasons as per the requirements of the role and in accordance with applicable law. Additional information will be provided to candidates about the requirements and accommodation process at the offer time based on region.

