
Cisco Security Incident Commander Threat Management Response
Australia, New South Wales, Sydney
505438491

18.11.2024

Incidents can occur at any time, so this role requires on-call availability (including occasional overnight and weekend shifts) as needed. The core working hours for this position are Monday through Friday, 9:30 AM to 6:30 PM AEDT.

Key responsibilities:
  • Serve on a rotation of security incident commanders, working with the heads of every major product and engineering team to ensure quick mobilization for high-severity incidents
  • Serve as incident commander when escalations from security analysts require immediate response
  • Write SQL to search data warehouses and large datasets for signs of compromise
  • Respond to high-severity incidents and handle the remediation process (e.g. malware analysis, large-scale phishing attacks, production intrusions)
  • Have familiarity with the following tools:
      • Security Information and Event Management (SIEM)
      • File Integrity Monitoring (FIM)
      • Vulnerability scanners, Endpoint Detection & Response (EDR), Security Orchestration, Automation & Response (SOAR)
      • Network and host intrusion detection systems (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
  • Investigate security events on the following platforms and technologies:
      • Cloud (AWS, Azure, GCP)
      • Cisco physical and virtual network devices and platforms
  • Assist with and perform digital forensics on host OS or cloud infrastructure to identify IOCs and other signs of imminent security risk and threat
  • Write response runbooks and author documentation on organizational response processes
You are an ideal candidate if you:
  • Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
  • Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior
  • Have a calm, methodical approach to investigating potential threats
  • Have a minimum of 5 years of professional experience in cybersecurity roles
  • Have the ability to build and/or re-architect new and existing solutions within AWS to help tackle outstanding problems in Meraki’s security logging or security investigation infrastructure
  • Have expertise with observability and security tools like Splunk, ELK, Snowflake or other searchable big data solutions
  • Understand core cybersecurity concepts such as encryption, hashing, non-repudiation, vulnerability management, and least privilege
  • Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response
Bonus points for:
  • Industry-recognized certifications such as CISSP, SANS GIAC (e.g., GCIH, GNFA, GCFE, GCFA, GREM), and AWS certifications (SAA, SAP, or SCS).
  • Familiarity with other security fields, including Digital Forensics, Threat Intelligence, Threat Detection, Application Security, Cloud Security, and Offensive Security.
  • Networking expertise with LAN/WAN routing and high-availability routing protocols like OSPF, BGP4/iBGP, EIGRP, and NSRP.
  • In-depth knowledge of detection tools like Nessus, Qualys, OSSEC, osquery, Suricata, and AWS GuardDuty.
  • Coding/scripting experience in one or more languages.
  • Experience demonstrating web application attacks like SQL Injection, XSS, and CSRF.
  • Familiarity with IoT platforms, large-scale distributed systems, and client-server architectures.