Cisco Security Engineer – ATA (Contract) – Los Angeles, CA

Our large public sector client in Los Angeles is looking to obtain the services of up to three Consultants to perform security incident response (IR) for incident tickets opened by the Client’s managed security service provider (MSSP). The Consultants will be working to remediate security incidents identified by the Cisco Active Threat Analytics (ATA) service from “end-to-end” once received from the 7x24x365 MSSP. The Consultants will also help to refine the security incident response process for Cisco ATA security incident tickets by analyzing the current process to reduce the number of steps, handoffs, and bottlenecks.

Description of Duties

  • Expeditiously resolve Cisco ATA tickets assigned from the Client’s 7x24x365 managed security service (includes reviewing and working cases on the portal and providing details for case closure). Meet or exceed the SLA for all ATA tickets.
  • Support other departments in resolving Cisco ATA tickets assigned to them for resolution.
  • Ensure compliance daily: all servers in the data center must have the NXLog agent installed, and their logs must be delivered to ATA.
  • Provide in-depth support for information security incidents, including internal violations, hacker attacks, viruses, and unauthorized system access, and identify and recognize indicators of compromise (IOCs) and how they are used at the network level.
  • Provide recommendations to improve information security incident response processes related to host and network security in accordance with policies and procedures.
  • Analyze and interpret system, security, and application logs to diagnose faults and spot abnormal behavior.
  • Configure and manage typical security-enforcing devices (e.g., firewalls, IDS/IPS, Internet proxy) and other common network devices such as routers and switches.
  • Identify issues/problems and coordinate with customers regarding recommendations and resolution to security incidents.
  • Analyze threat intelligence feeds received, and correlate ATA cases and investigations with affected customer departments.
  • Work with customer departments to facilitate telemetry ingestion into the ATA managed security service.
  • Participate in regularly scheduled project review meetings and conference calls.
  • Work with the MSSP vendor to review documents and information collected, and assist in the process of documenting the identification, classification, and prioritization of critical systems and data.
  • Set up and execute on-demand reports requested by customers and management.
  • Provide knowledge transfer and/or training to Security Operations Section staff and ATA portal customers/users.
  • Provide after-hours and weekend support on an as-needed basis.

Minimum Requirements

  • One (1) year of experience in the last three (3) years managing and/or supporting a production security incident response environment, including working with end-users to investigate, analyze, troubleshoot, and resolve security incident issues.
  • Two (2) years of experience in the last four (4) years as a security incident handler with experience detecting, responding to, resolving, and managing computer and network security incidents, including detecting malicious applications and network activity, detecting and analyzing system and network vulnerabilities, determining root causes, performing computer and network forensic investigations, and leading a computer security incident response team.
  • Two (2) years of experience in the last four (4) years as a systems administrator or network engineer supporting a networked environment with 500+ servers, 5,000+ users and multiple firewalls, switches, and routers. The network environment must consist of multiple VLANs in a single location AND multiple physical locations connected through routers or similar layer-3 routing devices.
  • Three (3) years of experience in the last five (5) years in developing clear and precise process, workflow, and/or network diagrams using Microsoft Visio or similar tools, and technology-related documents such as operating procedures/guidelines, incident reports, technology standards, and knowledge base articles.
  • Two (2) years of experience in the last four (4) years in a security monitoring role.