Information Security Operations Engineer | Vulnerability Management |threat Hunting | Exp 10

Meet the Team Who We Are The SBG Security Operations Team detects and defends against adversarial events in SBG Security Business Group computing environments through strategic vulnerability management threat detection and incident response disciplines We are part of a larger SBG Product Assurance organization whose mission is to earn and sustain the trust of our engineering teams and leadership by ensuring SBG offers and products are delivered to the world with the highest standards of security The SBG Security Operations Team is seeking an experienced senior Information Security Operations Engineer to help accomplish this mission Your Impact What You ll Do As a senior incident response engineer you will combine deep technical ability with strong collaboration and leadership skills to provide technical thought leadership across the various security operations disciplines including incidence response threat detection and vulnerability management Core Responsibilities Incident Detection and Triage Monitor SIEM for alerts and anomalies Identify and triage potential security incidents e g malware infections phishing data exfiltration Incident Response and Mitigation Lead investigations into confirmed incidents Contain eradicate and recover from security events Coordinate with internal stakeholders to implement remediation Collect and preserve evidence for internal investigations or potential legal action Contribute to incident response teams maintaining relevant communication in emails ticket summaries analysis and reporting Work with Incident handlers to provide recommendations for remediation of compromised systems and any relevant countermeasures Threat Analysis and Hunting Perform threat hunting to proactively identify risks Analyze indicators of compromise IOCs and tactics techniques and procedures TTPs Playbook and Automation Development Develop and enhance incident response playbooks Identify opportunities for automation to streamline incident handling Post-Incident Activities Lead post-incident reviews PIRs documenting lessons learned Recommend and track corrective actions to prevent recurrence Be able to translate incident response outcomes into documentation and reports to satisfy audit and compliance reviews Other Responsibilities o Monitor various security blogs alerts and notifications RSS feeds and forums to keep abreast of the latest security news attacks threats vulnerabilities and exploits o Applying the output of threat hunts into new detections and gap assessment o Monitor various security blogs alerts and notifications RSS feeds and forums to keep abreast of the latest security news attacks threats vulnerabilities and exploits o Build automated log correlations in Splunk or a similar tool to identify anomalous and potentially malicious behavior o Review create or document standard operating procedures recommendations projects specific documents and resource guides as needed o Supervise vulnerabilities and work with engineering teams to drive proper mitigations o Supervise security operations queues to ensure timely triage of operations events and requests o Supervise global vulnerability feeds assess impact to the business and respond promptly o Participate in security incident investigations and retrospect on security events o Ensure all required logging is enabled and collected in SIEM tool o Participate in on-call rotations as needed to support continuous monitoring needs that may lay outside of business hours Who You Are You have broad and deep knowledge and experience in providing security operations services including Incident Response Vulnerability mgmt and Threat Hunting in various cloud native environments You are motivated to work with multi-functional teams and drive things together to accomplish role objectives You thrive in a fast-paced environment and seek ownership of large critical projects We re looking for people who enjoy crafting solutions to tackle problems rather than focusing on completing tasks as fast as possible Required Qualifications o Bachelors or Master s degree in information security or equivalent with minimum 10 years of Security Operations experience o Demonstrated ability administering and operating security tooling such as Nessus OSQuery Splunk Burpsuite Nmap Wireshark Falco Tenable Wiz io etc o Thorough technical expertise in administrating operating and supporting various public cloud technologies including AWS Azure and GCP o Ability to create custom correlation rules to detect known or suspected malware traffic patterns within security tools o Packet-level knowledge of TCP IP protocols and network applications and an understanding of TCP IP routing behaviors o Certifications such as CEH Splunk CISSP Cloud Certs - AWS GCP Azure o Understanding of regular expression and expertise in various query languages including for Splunk and Jira o Demonstrated experience operating in regulated environments and ensuring incident response activities are aligned with compliance requirements o Familiarity with and ability to support incident response practices aligned with SOC 2 IRAP ISO IEC 27001 NIST 800-53 HIPAA and other relevant regulatory standards o Experience analyzing events or incidents to triage the issue find the root cause through log and forensic analysis and determine security vulnerabilities attacker exploit techniques and methods to construct the appropriate remediation Experience developing playbooks run books solve technical issues and recognize and identify patterns to reduce ticket volume Ability to write scripts e g Python PowerShell Bash to automate tasks o Strong knowledge of security standard methodologies principles and common security frameworks Such as MITRE ATT CK NIST ISO 27001 OWASP-Top 10 CIS benchmarks o Knowledge of TCP IP AI tools CVSS Linux Virtualization Containers o Strong communication organizational and problem-solving skills in a dynamic environment o Effective documentation skills to include technical diagrams and written descriptions o Ability to work independently and as part of a team with professional demeanor WeAreCisco This is the Standard and cannot be changed WeAreCisco where every individual brings their unique skills and perspectives together to pursue our purpose of powering an inclusive future for all Our passion is connection-we celebrate our employees diverse set of backgrounds and focus on unlocking potential Cisconians often experience one company many careers where learning and development are encouraged and supported at every stage Our technology tools and culture pioneered hybrid work trends allowing all to not only give their best but be their best We understand our outstanding opportunity to bring communities together and at the heart of that is our people One-third of Cisconians collaborate in our 30 employee resource organizations called Inclusive Communities to connect foster belonging learn to be informed allies and make a difference Dedicated paid time off to volunteer-80 hours each year-allows us to give back to causes we are passionate about and nearly 86 do Our purpose driven by our people is what makes us the worldwide leader in technology that powers the internet Helping our customers reimagine their applications secure their enterprise transform their infrastructure and meet their sustainability goals is what we do best We ensure that every step we take is a step towards a more inclusive future for all Take your next step and be you with us Message to applicants applying to work in the U S and or Canada When available the salary range posted for this position reflects the projected hiring range for new hire full-time salaries in U S and or Canada locations not including equity or benefits For non-sales roles the hiring ranges reflect base salary only employees are also eligible to receive annual bonuses Hiring ranges for sales positions include base and incentive compensation target Individual pay is determined by the candidate s hiring location and additional factors including but not limited to skillset experience and relevant education certifications or training Applicants may not be eligible for the full salary range based on their U S or Canada hiring location The recruiter can share more details about compensation for the role in your location during the hiring process U S employees have to quality medical dental and vision insurance a 401 k plan with a Cisco matching contribution short and long-term disability coverage basic life insurance and numerous wellbeing offerings Employees receive up to twelve paid holidays per calendar year which includes one floating holiday for non-exempt employees plus a day off for their birthday Non-Exempt new hires accrue up to 16 days of vacation time off each year at a rate of 4 92 hours per pay period Exempt new hires participate in Cisco s flexible Vacation Time Off policy which does not place a defined limit on how much vacation time eligible employees may use but is subject to availability and some business limitations All new hires are eligible for Sick Time Off subject to Cisco s Sick Time Off Policy and will have eighty 80 hours of sick time off provided on their hire date and on January 1st of each year thereafter Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours Employees in Illinois have a unique time off program designed specifically with local requirements in mind All employees also have access to paid time away to deal with critical or emergency issues We offer additional paid time to volunteer and give back to the community Employees on sales plans earn performance-based incentive pay on top of their base salary which is split between quota and non-quota components For quota-based incentive pay Cisco typically pays as follows 75 of incentive target for each 1 of revenue attainment up to 50 of quota 1 5 of incentive target for each 1 of attainment between 50 and 75 1 of incentive target for each 1 of attainment between 75 and 100 and once performance exceeds 100 attainment incentive rates are at or above 1 for each 1 of attainment with no cap on incentive compensation For non-quota-based sales performance elements such as strategic sales objectives Cisco may pay up to 125 of target Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid