Responsible for leading insider threat investigations within Meraki
Responsible for providing timely investigation summaries to relevant stakeholders such as Cisco Employment Legal, Meraki Legal, and Meraki Security Leadership
Own the insider risk management program at Meraki
Review logs, conduct threat hunts, and work with our Detection Engineering team to further enhance our proactive monitoring and alerting
Lead tabletop exercises with key stakeholders and partners
Develop metrics around Insider Risk monitoring, detection, and forecasting
Work with sister security teams to reduce threat surface areas and raise security awareness
Create runbooks and procedures for Tier 1 analysts to triage alerts
Evaluate, recommend, and improve upon existing technical and non-technical solutions to detect and respond to potential insider threats
You are an ideal candidate if you:
Are a US Citizen or US Green Card holder
Have 12+ years of experience with a background in law enforcement, military, defense, or government operations supporting an insider risk program and/or conducting sophisticated threat or counterintelligence investigations, including experience in investigative and informational interviews
Are knowledgeable about National and Federal Agency regulations pertaining to Insider Threat programs
Have relevant insider threat industry certifications such as Insider Threat Program Manager, CCITP-A (Certified Counter-Insider Threat Professional - Analysis), or CCITP-F
Have experience with UAM, SIEM, DLP, and UEBA technologies
Have an executive presence with superb communication skills and ability to collaborate with multiple teams and intelligence source groups both internal and external to the organization
Possess previous people management and leadership experience
Have experience building and leading impactful security programs and teams
Have experience responding to high severity investigations and interviewing insider risk actors, witnesses, and impacted individuals
Bonus points for:
Professional experience in Information Security and/or Digital Forensics and relevant certifications
The ability to write custom query logic for major SIEM tools
The ability to write SQL to search data warehouse databases