Security Incident Commander, Threat Management Response - Meraki

At Cisco Meraki, we know that technology can connect, empower, and drive us. Our mission is to simplify technology so our customers can focus on what matters most to them: their students, patients, customers, and businesses. We're making networking easier, faster, and more sophisticated with technology that simply works.

At Meraki, you will be part of a tight-knit engineering organization working with hardworking, effective engineers. You will have significant influence over the tools we use to monitor and audit our systems and over where we choose to deploy them. You will be responsible for coordinating the response to security incidents, and you will support other security teams in driving business-friendly security and process improvements. Finally, by developing our capability to detect threats promptly, you will have a direct, immediate, and positive impact on our customers and on the hundreds of millions of users who rely on Meraki access points, switches, security appliances, and cameras every single day.

The Threat Management Response team is responsible for 24x7x365 monitoring and rapid incident response across all Cisco Meraki environments. We are the last line of defense protecting the company and our customers' data from threat actors and adversaries. Incidents can happen at any time, so this position requires on-call work (including overnight and weekends) on an as-needed basis. The core hours for this position are 9:30 AM to 6:30 PM Pacific time, Monday through Friday.

Key responsibilities:
- Serve on a rotation of security incident commanders, working with the heads of every major product and engineering team to ensure quick mobilization for high-severity incidents
- Serve as incident commander when escalations from security analysts require immediate response
- Write SQL to search data warehouses and large datasets for signs of compromise
- Respond to high-severity incidents and manage the remediation process (e.g. malware analysis, large-scale phishing attacks, production intrusions)
- Work with tools such as Security Information and Event Management (SIEM), File Integrity Monitoring (FIM), vulnerability scanners, Endpoint Detection and Response (EDR), Security Orchestration, Automation and Response (SOAR), and network and host intrusion detection systems (IDS) such as Snort/Sourcefire and Palo Alto Networks
- Investigate security events on Cisco physical and virtual network devices and platforms
- Assist with and perform digital forensics on host operating systems and cloud infrastructure to identify indicators of compromise (IOCs) and other signs of imminent security risk
- Write response runbooks and author documentation on organizational response processes

You are an ideal candidate if you:
- Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
- Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior
- Have a calm, methodical approach to investigating potential threats
- Have a minimum of 5 years of professional experience in cybersecurity roles
- Are able to build new solutions, or re-architect existing ones, within AWS to solve outstanding problems in Meraki's security logging and security investigation infrastructure
- Have expertise with observability and security tools such as Splunk, ELK, Snowflake, or other searchable big-data platforms
- Understand core cybersecurity concepts such as encryption, hashing, non-repudiation, vulnerability management, and least privilege
- Understand major security compliance frameworks such as PCI DSS, SOC 2, and FedRAMP as they relate to incident monitoring and response
- Hold relevant industry security certifications such as CISSP, SANS GIAC (e.g. GCIH, GNFA, GCFE, GCFA, GREM), or AWS certifications (SAA, SAP, or SCS)
- Are familiar with other security verticals such as digital forensics, threat intelligence, threat detection, application security, cloud security, and offensive security
- Have working knowledge of detection tools, for example Nessus, Qualys, OSSEC, osquery, Suricata, Threat Stack, and AWS GuardDuty
- Have experience with IoT platforms, large-scale distributed systems, and/or client-server architectures