At Cisco Meraki, we are known for simplifying technology through our products and services - and for the people behind them. As the fastest growing cloud-managed networking team in the world, our technology architecture is changing the face of networking and making cloud-managed IT a reality. Our employees' groundbreaking ideas impact everything we do. Here, that means we take innovative ideas from the drawing board to solutions that have a real-world impact. You'll be part of a diverse and inclusive engineering team that have a direct, immediate, and positive impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, and cameras every day.The Threat Management Response team stands as the last line of defense, providing round-the-clock monitoring and rapid incident response to safeguard our company and customers’ data against evolving threats. If you’re passionate about incident response, incident command, and want to make a tangible impact, this is the role for you! Join us, and you’ll help craft our strategy, refine our playbooks, and improve our response processes—driving meaningful change in how we combat security threats. Be a crucial part of our mission to protect and innovate!Incidents can occur at any time, so this role requires on-call availability (including occasional overnight and weekend shifts) as needed. Key responsibilities:
Serve on a rotation of security crisis commanders, working with heads of every major product and engineering team as well as Cisco to ensure a quick mobilization for critical-severity incidents
Serve as an escalation point for incident commanders when escalations require immediate response
Familiarity with the following tools:
Security Incident and Event Monitoring (SIEM)
File Integrity Monitoring (FIM)
Vulnerability Scanners, Endpoint Detection & Response (EDR), Security Orchestration, Automation & Response (SOAR)
Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
Investigate security events for the following platforms and technologies:
Cloud (AWS, Azure, GCP)
Cisco physical and virtual network devices and platforms
Previous experience with building and running a digital forensics program
Developing OKRs and program goals to mature incident response programs
Leading, mentoring, and growing managers and engineers
You are an ideal candidate if you:
Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
Have experience helping teams scope threat hunts, projects, incident response action plans
Have a calm methodical approach to leading teams investigating potential threats
Have minimum of 5 years leadership in cybersecurity roles professionally managing global teams with 25 or more team members
Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response
Familiarity with SQL to search data warehouses and large datasets for signs of compromise
Familiarity with Splunk Query Language
Bonus points for:
Industry-recognized certifications such as CISSP, SANS GIAC (e.g., GCIH, GNFA, GCFE, GCFA, GREM), and AWS certifications (SAA, SAP, or SCS).
Familiarity with other security fields, including Digital Forensics, Threat Intelligence, Threat Detection, Application Security, Cloud Security, and Offensive Security.
Familiarity with detection tools like Nessus, Qualys, OSSEC, Osquery, Suricata, and AWS Guard Duty.
Coding/scripting experience in one or more languages.
Experience demonstrating web application attacks like SQL Injection, XSS, and CSRF.
Familiarity with IoT platforms, large-scale distributed systems, and client-server architectures.Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.