Security Investigator in Durham, NC at GDH

Date Posted: 2/13/2018


Job Description

GDH is seeking candidates for a Tier 3 Security Investigator opportunity for the 3rd shift in Research Triangle Park, NC.

Conduct Security Investigations to include:

Investigate suspicious incidents on customer networks using a variety of tools.

Recommend modifications to the automated detection features of multiple industry-standard tools.

Review and recommend optimal tuning for a variety of industry-standard tools deployed on customer networks.

Develop correlation events that introduce higher-fidelity alerts into the SOC.

Review deployed policies across multiple customer sites for effective tuning.

Provide advice and guidance to the ATA SOC and Customers on attack vectors, methodologies, operations, and remediation.

Monitor Customer data confidentiality and integrity both reactively and proactively, ensuring proper handling and protection of that data electronically, physically, and verbally.

Document best practices with the SOC staff using available collaboration tools and workspaces.

Communicate effectively in writing (ITSM, e-mail, etc.), by telephone and, on occasion, in person with Cisco employees and Customer employees as required.

Perform tasks associated with identifying, quantifying, designing, and implementing detection for new and emerging security threats.

Technical Skills

•  Detailed understanding of the TCP/IP protocol suite
•  System administrator-level expertise in multi-user operating systems, including Unix flavors and Microsoft Windows
•  Demonstrated expertise in current security attacks and threats
•  Demonstrated expertise in malware analysis, categorization, and attribution
•  Sandboxing technologies and products, commercial and open source
•  Malware reverse-engineering and disassembly skills a plus
•  Understanding of security incidents involving other operating systems, including Android and iOS
•  Experience scripting in one or more languages: shell, Perl, Python, or PHP
•  Experience with virtualization technologies, including VMware, OpenStack, and other hypervisors
•  General Cisco network security product and technology knowledge:
   •  Firewalls, Intrusion Prevention Systems, Web and Email Security
   •  Route and switch infrastructure
   •  Network security configuration and troubleshooting
•  Non-Cisco product and technology knowledge a plus

Desired Education and Certifications

BA/BS degree with 8-10 years of IT and/or security experience

Incident Response and SOC experience a plus

Cisco Next-Generation IPS product certifications:

•  Sourcefire Certified Expert (SFCE) a plus
•  Sourcefire AMP Endpoint Specialist a plus

Other certifications:

•  Industry certifications such as CISSP or SANS GCIH
•  Cisco network certifications, such as CCNA, CCDA, or CCSP, a plus

Experience with Snort or other intrusion detection tools, NetFlow telemetry, malware traffic analysis tools, full-packet capture tools, and anomaly detection tools

Familiarity with the latest malicious code trends, including experience with exploits, exploit kits, and malware

Own security research, presentations, and publications a plus

Additional Skills

Mentoring experience; excellent English (verbal and written); strong teamwork; demonstrated customer service, communication, and troubleshooting skills.

Proven crisis management skills; experience with operations processes such as ITIL, CMM, or Six Sigma.