Cisco

Meet the Team

Who We Are

The SBG Security Operations Team detects and defends against adversarial events in SBG

(Security Business Group) computing environments through strategic vulnerability

management, threat detection, and incident response disciplines. We are part of a larger

SBG Product Assurance organization whose mission is to earn and sustain the trust of our engineering teams and leadership by ensuring SBG offers and products are delivered to the world with the highest standards of security.

The SBG Security Operations Team is seeking an experienced senior Information Security Operations Engineer to help accomplish this mission.

Your Impact

What You’ll Do

As a senior incident response engineer, you will combine deep technical ability with strong collaboration and leadership skills to provide technical thought leadership across the various security operations disciplines including incidence response, threat detection and vulnerability management.

Core Responsibilities:

• Incident Detection and Triage: Monitor SIEM for alerts and anomalies. Identify and triage potential security incidents (e.g., malware infections, phishing, data exfiltration).
• Incident Response and Mitigation: Lead investigations into confirmed incidents. Contain, eradicate, and recover from security events. Coordinate with internal stakeholders to implement remediation. Collect and preserve evidence for internal investigations or potential legal action. Contribute to incident response teams, maintaining relevant communication in emails, ticket summaries, analysis and reporting. Work with Incident handlers to provide recommendations for remediation of compromised systems and any relevant countermeasures.
• Threat Analysis and Hunting: Perform threat hunting to proactively identify risks. Analyze indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
• Playbook and Automation Development: Develop and enhance incident response playbooks. Identify opportunities for automation to streamline incident handling.
• Post-Incident Activities: Lead post-incident reviews (PIRs), documenting lessons learned. Recommend and track corrective actions to prevent recurrence.
• Be able to translate incident response outcomes into documentation and reports to satisfy audit and compliance reviews.

Other Responsibilities

o Monitor various security blogs, alerts and notifications, RSS feeds and forums to keep abreast of the latest security news, attacks, threats, vulnerabilities and exploits.

o Applying the output of threat hunts into new detections and gap assessment

o Monitor various security blogs, alerts and notifications, RSS feeds and forums to keep abreast of the latest security news, attacks, threats, vulnerabilities and exploits.

o Build automated log correlations in Splunk or a similar tool to identify anomalous and potentially malicious behavior.

o Review, create or document standard operating procedures, recommendations, projects specific documents and resource guides as needed.

o Supervise vulnerabilities and work with engineering teams to drive proper mitigations.

o Supervise security operations queues to ensure timely triage of operations events and requests

o Supervise global vulnerability feeds, assess impact to the business and respond promptly

o Participate in security incident investigations and retrospect on security events

o Ensure all required logging is enabled and collected in SIEM tool

o Participate in on-call rotations as needed to support continuous monitoring needs that may lay outside of business hours

Who You Are

You have broad and deep knowledge and experience in providing security operations services including Incident Response, Vulnerability mgmt., and Threat Hunting, in various cloud native environments. You are motivated to work with multi-functional teams and drive things together to accomplish role objectives. You thrive in a fast-paced environment and seek ownership of large, critical projects. We're looking for people who enjoy crafting solutions to tackle problems rather than focusing on completing tasks as fast as possible.

Required Qualifications

o Bachelors or Master’s degree in information security or equivalent with minimum 10 years of Security Operations experience

o Demonstrated ability administering and operating security tooling such as Nessus, OSQuery, Splunk, Burpsuite, Nmap, Wireshark, Falco, Tenable, Wiz.io, etc.

o Thorough technical expertise in administrating/operating and supporting various public cloud technologies including AWS, Azure and GCP

o Ability to create custom correlation rules to detect known or suspected malware traffic patterns within security tools

o Packet-level knowledge of TCP/IP protocols and network applications and an understanding of TCP/IP routing behaviors

o Certifications such as CEH, Splunk, CISSP, Cloud Certs – AWS/GCP/Azure

o Understanding of regular expression and expertise in various query languages including for Splunk and Jira

o Demonstrated experience operating in regulated environments and ensuring incident response activities are aligned with compliance requirements.

o Familiarity with and ability to support incident response practices aligned with SOC 2, IRAP, ISO/IEC 27001, NIST 800-53, HIPAA, and other relevant regulatory standards.

o Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques and methods to construct the appropriate

remediation.

Experience developing playbooks, run books, solve technical issues, and recognize and identify patterns to reduce ticket volume

Ability to write scripts (e.g., Python, PowerShell, Bash) to automate tasks.

o Strong knowledge of security standard methodologies, principles, and common security frameworks. Such as MITRE ATT&CK, NIST, ISO 27001, OWASP-Top 10, CIS benchmarks.

o Knowledge of TCP/IP, AI tools, CVSS, Linux, Virtualization, Containers

o Strong communication, organizational, and problem-solving skills in a dynamic environment

o Effective documentation skills, to include technical diagrams and written descriptions

o Ability to work independently and as part of a team with professional demeanor.

#WeAreCisco

(This is the Standard and cannot be changed)

#WeAreCisco where every individual brings their unique skills and perspectives together to pursue our purpose of powering an inclusive future for all.

Our passion is connection—we celebrate our employees’ diverse set of backgrounds and focus on unlocking potential. Cisconians often experience one company, many careers where learning and development are encouraged and supported at every stage. Our technology, tools, and culture pioneered hybrid work trends, allowing all to not only give their best, but be their best.

We understand our outstanding opportunity to bring communities together and at the heart of that is our people. One-third of Cisconians collaborate in our 30 employee resource organizations, called Inclusive Communities, to connect, foster belonging, learn to be informed allies, and make a difference. Dedicated paid time off to volunteer—80 hours each year—allows us to give back to causes we are passionate about, and nearly 86% do!

Our purpose, driven by our people, is what makes us the worldwide leader in technology that powers the internet. Helping our customers reimagine their applications, secure their enterprise, transform their infrastructure, and meet their sustainability goals is what we do best. We ensure that every step we take is a step towards a more inclusive future for all. Take your next step and be you, with us!

Read Full Description