Expoint - all jobs in one place


Cisco Head Detection Engineering 
United States, Georgia, Atlanta 
857821654


Head of Detection Engineering

As a direct report of the Head of Threat Management, you will be responsible for leading Cisco Meraki’s Detection Engineering program. You will be responsible for helping build, maintain, and improve our threat detections and alerting infrastructure. You will also be responsible for ensuring Meraki Security has the right data collection and log visibility in place to discover threats against our infrastructure, data, employees, and customers. We are looking for engineers who are self-starters, curious, and comfortable operating in environments where there are lots of unknowns. This position will require frequent collaboration with the other Threat Management capabilities, including Threat Response, Insider Threat, and Threat Intelligence.

Key responsibilities:

  • Oversee the strategic planning, execution, and continuous improvement of the detection engineering program.

  • Develop and report on key performance metrics to track the effectiveness and maturity of the Detection Engineering program.

  • Lead and mentor a team of two contractors ensuring alignment with program goals.

  • Liaise with other Cisco Security teams and business units doing similar Detection and Response work

  • Ideate, design, develop, test, monitor, and tune high-quality detections to ensure our security analysts can respond effectively to security threats.

  • Write complete and well-documented alerting and detection strategies to provide necessary context and runbooks for security analysts and incident responders.

  • Serve as a subject matter expert for security-relevant logs and data, assisting the Incident Response team during high-priority investigations.

  • Build, maintain, and improve custom detection and alerting solutions, ensuring commercial tools are optimized to meet detection coverage needs.

  • Collaborate with the Threat Intelligence team to build impactful detections that enhance Meraki’s security posture.

  • Work closely with the Insider Threat team to develop and implement strategies for detecting and mitigating insider threats.

  • Support other security program initiatives to improve the Threat Management team’s security visibility.

  • Independently propose logging modifications and improvements to other Engineering and Software Development teams to ensure the necessary detections can be built

You are an ideal candidate if you have:

  • Proven hands-on experience with full-lifecycle detection engineering in support of a security operations team

  • Knowledge and interest in the use of AI in detection engineering workflows

  • Experience with defining, collecting, and analyzing various metrics that exhibit the purpose and success of a maturing Detection Engineering program (e.g., MITRE ATT&CK coverage)

  • Experience building and managing high-performing security programs and teams

  • Experience as a Threat Hunter, Security Operations Analyst, or Incident Responder

  • Comfort operating in Splunk or other common SIEM and SOAR solutions

  • Technical depth in one or more of the following specialties: offensive security, application security, cloud security, digital forensics, malware analysis, threat hunting, incident response or some combination thereof

  • Familiarity with SQL, relational databases, and data warehousing

  • Basic Python (or other scripting language) experience in order to automate tasks within our case management and CI/CD environment

  • Demonstrated knowledge of threat actor techniques, vulnerabilities, and exploits, and how those present themselves within logs and various endpoint/network artifacts

  • Excellent communication and collaboration skills, with the ability to work with a high degree of autonomy.

Bonus points for:

  • Relevant industry certifications

  • Formal software engineering, DevOps, or data science experience from prior jobs, trainings, or academia

  • Hands-on experience building tools and solutions within a public cloud environment, preferably AWS

  • Splunk engineering/administration experience

  • Experience with PCI-DSS, FedRAMP, and other compliance frameworks and their associated logging and detection requirements