Cisco Information Security Operations Engineer Vulnerability 

India, Karnataka, Bengaluru 

463512275

Your Impact

What You’ll Do

As a senior incident response engineer, you will combine deep technical ability with strong collaboration and leadership skills to provide technical thought leadership across the various security operations disciplines including incidence response, threat detection and vulnerability management.

Core Responsibilities:

Monitor SIEM for alerts and anomalies. Identify and triage potential security incidents (e.g., malware infections, phishing, data exfiltration).

Perform threat hunting to proactively identify risks. Analyze indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).

Develop and enhance incident response playbooks. Identify opportunities for automation to streamline incident handling.

Lead post-incident reviews (PIRs), documenting lessons learned. Recommend and track corrective actions to prevent recurrence.

Be able to translate incident response outcomes into documentation and reports to satisfy audit and compliance reviews.

Other Responsibilities

Monitor various security blogs, alerts and notifications, RSS feeds and forums to keep abreast of the latest security news, attacks, threats, vulnerabilities and exploits.

Applying the output of threat hunts into new detections and gap assessment

Monitor various security blogs, alerts and notifications, RSS feeds and forums to keep abreast of the latest security news, attacks, threats, vulnerabilities and exploits.

Build automated log correlations in Splunk or a similar tool to identify anomalous and potentially malicious behavior.

Review, create or document standard operating procedures, recommendations, projects specific documents and resource guides as needed.

Supervise security operations queues to ensure timely triage of operations events and requests

Participate in security incident investigations and retrospect on security events

Ensure all required logging is enabled and collected in SIEM tool

Who You Are

You have broad and deep knowledge and experience in providing security operations services including Incident Response, Vulnerability mgmt., and Threat Hunting, in various cloud native environments.

Bachelors or Master’s degree in information security or equivalent with minimum 10 years of Security Operations experience

Demonstrated ability administering and operating security tooling such as Nessus, OSQuery, Splunk, Burpsuite, Nmap, Wireshark, Falco, Tenable, Wiz.io, etc.

Thorough technical expertise in administrating/operating and supporting various public cloud technologies including AWS, Azure and GCP

Ability to create custom correlation rules to detect known or suspected malware traffic patterns within security tools

Packet-level knowledge of TCP/IP protocols and network applications and an understanding of TCP/IP routing behaviors

Certifications such as CEH, Splunk, CISSP, Cloud Certs – AWS/GCP/Azure

Understanding of regular expression and expertise in various query languages including for Splunk and Jira

Demonstrated experience operating in regulated environments and ensuring incident response activities are aligned with compliance requirements.

Familiarity with and ability to support incident response practices aligned with SOC 2, IRAP, ISO/IEC 27001, NIST 800-53, HIPAA, and other relevant regulatory standards.

Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques and methods to construct the appropriate

Experience developing playbooks, run books, solve technical issues, and recognize and identify patterns to reduce ticket volume

Ability to write scripts (e.g., Python, PowerShell, Bash) to automate tasks.

Strong knowledge of security standard methodologies, principles, and common security frameworks. Such as MITRE ATT&CK, NIST, ISO 27001, OWASP-Top 10, CIS benchmarks.

Strong communication, organizational, and problem-solving skills in a dynamic environment

Effective documentation skills, to include technical diagrams and written descriptions

This is the Standard and cannot be changed