Security Incident Commander, Threat Management Response (Remote)

At Cisco Meraki, we are known for simplifying technology through our products and services - and for the people behind them. As the fastest growing cloud-managed networking team in the world, our technology architecture is changing the face of networking and making cloud-managed IT a reality. Our employees' groundbreaking ideas impact everything we do. Here, that means we take innovative ideas from the drawing board to solutions that have a real-world impact. You'll be part of a diverse and inclusive engineering team that have a direct, immediate, and positive impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, and cameras every day.

The Threat Management Response team stands as the last line of defense, providing round-the-clock monitoring and rapid incident response to safeguard our company and customers’ data against evolving threats. If you’re passionate about incident response, incident command, and want to make a tangible impact, this is the role for you! Join us, and you’ll help craft our strategy, refine our playbooks, and improve our response processes—driving meaningful change in how we combat security threats. Be a crucial part of our mission to protect and innovate!

Incidents can occur at any time, so this role requires on-call availability (including occasional overnight and weekend shifts) as needed. The core working hours for this position are Monday through Friday, 9:30 AM to 6:30 PM PST, based on your local time zone.

Key responsibilities:

• Serve on a rotation of security incident commanders, working with heads of every major product and engineering team to ensure a quick mobilization for high-severity incidents
• Serve as incident commander when escalations from security analysts require immediate response
• Write SQL to search data warehouses and large datasets for signs of compromise
• Respond to high severity incidents and handle the remediation process. (e.g. Malware analysis, large scale phishing attacks, production intrusion, etc.)
• Familiarity with the following tools:
• Security Incident and Event Monitoring (SIEM)
• File Integrity Monitoring (FIM)
• Vulnerability Scanners, Endpoint Detection & Response (EDR), Security Orchestration, Automation & Response (SOAR)
• Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
• Investigate security events for the following platforms and technologies:
• Cloud (AWS, Azure, GCP)
• Cisco physical and virtual network devices and platforms
• Assist with and perform digital forensics on host OS or cloud system infrastructure to identify IOCs and other signs of imminent security risk and threat
• Write response runbooks and author documentation on organizational response processes

You are an ideal candidate if you:

• Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
• Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior
• Have a calm methodical approach to investigating potential threats
• Have minimum of 5 years worked in cybersecurity roles professionally
• Have the ability to build and/or re-architect new and existing solutions within AWS to help tackle problems outstanding to Meraki’s security logging or security investigation infrastructure
• Expertise with observability and security tools like Splunk, ELK, Snowflake or other searchable big data solutions
• Understand core cybersecurity concepts such as encryption, hashing, non-repudiation, vulnerability management, and least privilege
• Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response

Bonus points for:

• Industry-recognized certifications such as CISSP, SANS GIAC (e.g., GCIH, GNFA, GCFE, GCFA, GREM), and AWS certifications (SAA, SAP, or SCS).
• Familiarity with other security fields, including Digital Forensics, Threat Intelligence, Threat Detection, Application Security, Cloud Security, and Offensive Security.
• Networking expertise with LAN/WAN routing and high-availability routing protocols like OSPF, BGP4/iBGP, EIGRP, and NSRP.
• In-depth knowledge of detection tools like Nessus, Qualys, OSSEC, Osquery, Suricata, and AWS Guard Duty.
• Coding/scripting experience in one or more languages.
• Experience demonstrating web application attacks like SQL Injection, XSS, and CSRF.
• Familiarity with IoT platforms, large-scale distributed systems, and client-server architectures.

At Cisco Meraki, we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.