Information Security Operations Engineer

Meet the Team

The SBG Security Operations Team detects and defends against adversarial events in SBG

(Security Business Group) computing environments through strategic vulnerability

Management, threat detection, and incident response disciplines. We are part of a larger

SBG Product Assurance organization whose mission is to earn and sustain the trust of our engineering teams and leadership by ensuring SBG offers and products are delivered to the world with the highest standards of security.

Team is seeking an experienced senior Information Security Operations Engineer to help accomplish this mission.

Your Impact

As a senior incident response engineer, you will combine deep technical ability with strong collaboration and leadership skills to provide technical thought leadership across the various security operations disciplines including incidence response, threat detection and vulnerability management.

Core Responsibilities:

• Incident Detection and Triage: Monitor SIEM for alerts and anomalies. Identify and triage potential security incidents (e.g., malware infections, phishing, data ex-filtration).
• Incident Response and Mitigation: Lead investigations into confirmed incidents. Contain, eradicate, and recover from security events. Coordinate with internal stakeholders to implement remediation. Collect and preserve evidence for internal investigations or potential legal action. Contribute to incident response teams, maintaining relevant communication in emails, ticket summaries, analysis and reporting. Work with Incident handlers to provide recommendations for remediation of compromised systems and any relevant countermeasures.
• Threat Analysis and Hunting: Perform threat hunting to proactively identify risks. Analyze indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
• Playbook and Automation Development: Develop and enhance incident response playbooks. Identify opportunities for automation to streamline incident handling.
• Post-Incident Activities: Lead post-incident reviews (PIRs), documenting lessons learned. Recommend and track corrective actions to prevent recurrence. Be able to translate incident response outcomes into documentation and reports to satisfy audit and compliance reviews.

Other Responsibilities

• Monitor various security blogs, alerts and notifications, RSS feeds and forums to keep abreast of the latest security news, attacks, threats, vulnerabilities and exploits.
• Applying the output of threat hunts into new detections and gap assessment
• Build automated log correlations in Splunk or a similar tool to identify anomalous and potentially malicious behavior.
• Review, create or document standard operating procedures, recommendations, projects specific documents and resource guides as needed.
• Supervise vulnerabilities and work with engineering teams to drive proper mitigations.
• Supervise security operations queues to ensure timely triage of operations events and requests
• Supervise global vulnerability feeds, assess impact to the business and respond promptly.
• Participate in security incident investigations and retrospect on security events
• Ensure all required logging is enabled and collected in SIEM tool
• Participate in on-call rotations as needed to support continuous monitoring needs that may lay outside of business hours

Who You Are

You have broad and deep knowledge and experience in providing security operations services including Incident Response, Vulnerability mgmt., and Threat Hunting, in various cloud native environments. You are motivated to work with multi-functional teams and drive things together to accomplish role objectives. You thrive in a fast-paced environment and seek ownership of large, critical projects. We're looking for people who enjoy crafting solutions to tackle problems rather than focusing on completing tasks as fast as possible.

Required Qualifications

• Bachelors or Master’s degree in information security or equivalent with minimum 10 years of Security Operations experience
• Demonstrated ability administering and operating security tooling such as Nessus, OSQuery, Splunk, Burpsuite, Nmap, Wireshark, Falco, Tenable, Wiz.io, etc.
• Thorough technical expertise in administrating/operating and supporting various public cloud technologies including AWS, Azure and GC
• Ability to create custom correlation rules to detect known or suspected malware traffic patterns within security tools
• Packet-level knowledge of TCP/IP protocols and network applications and an understanding of TCP/IP routing behaviors
• Certifications such as CEH, Splunk, CISSP, Cloud Certs – AWS/GCP/Azure
• Understanding of regular expression and expertise in various query languages including Splunk and Jira.
• Demonstrated experience operating in regulated environments and ensuring incident response activities are aligned with compliance requirements.
• Familiarity with and ability to support incident response practices aligned with SOC 2, IRAP, ISO/IEC 27001, NIST 800-53, HIPAA, and other relevant regulatory standards.
• Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques and methods to construct the appropriate remediation.
• Experience developing playbooks, run books, solve technical issues, and recognize and identifying patterns to reduce ticket volume
• Ability to write scripts (e.g., Python, PowerShell, Bash) to automate tasks.
• Strong knowledge of security standard methodologies, principles, and common security frameworks. Such as MITRE ATT&CK, NIST, ISO 27001, OWASP-Top 10, CIS benchmarks.
• Knowledge of TCP/IP, AI tools, CVSS, Linux, Virtualization, Containers
• Strong communication, organizational, and problem-solving skills in a dynamic environment
• Effective documentation skills, to include technical diagrams and written descriptions
• Ability to work independently and as part of a team with professional demeanor.

#WeAreCisco

At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint. Simply put – we power the future.

Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.

We are Cisco, and our power starts with you.