Meet the Team

Security Visibility and Incident Command (SVIC) is part of the investigative branch of Cisco’s Security & Trust Organization (S&TO) and serves as Cisco’s information security, cyber investigations, and forensics team. We provide Cisco with tailored security monitoring services to protect the company from cyber-attacks and the loss of its intellectual assets. The primary mission of SVIC is to ensure company, system, and data preservation by performing comprehensive investigations into computer security incidents. Our mission also extends to assisting in the prevention of such incidents by engaging in root cause analysis, dedicated threat assessment, mitigation planning, and architectural review. SVIC is a highly skilled, diverse, and globally distributed group of outstanding professionals from a wide variety of technical backgrounds. We are open-source software contributors, technical authors, tool builders, DFIR community members, lock pickers, makers, and breakers. SVIC is looking for an experienced security professional to join our Security Investigations Team, which is our top-tier investigative body.

Your Impact

This is an opportunity to contribute to a highly transparent security operations function with global impact upon Cisco, its diversified business, business units, service ventures, partners, and customers. We are looking for a motivated and experienced security engineer who thinks like an attacker but has the heart of a defender. Our investigators thrive on understanding complex systems and how they can be broken. Additionally, candidates with diverse technical backgrounds such as system, network, and database administrators make phenomenal security investigators, whether they realize it or not. As a great candidate for this role, you have a strong interest in complex problem solving, with an ability to challenge assumptions and consider alternative perspectives. You are forward-thinking and act as the voice of reason and calm during high-stakes situations, while operating exceedingly well in a strong, tight-knit, collaborative team environment.

Conduct the technical investigation into computer security incidents to assess the scope of impact to the business and uncover the root cause.Engage with impacted teams to devise & drive them towards containment or mitigation of the incident while proceeding to work for a full resolution.Perform an after actions review into medium and above severity incidents & communicate findings with management & partner teams.Conduct host forensics, network forensics and log analysis in support of incident response investigations for systems or applications deployed on-prem or in the cloud.Perform threat hunting campaigns utilizing information on adversary tools, tactics & procedures (TTPs) and knowledge of how they manifest in security data sources & system telemetry.Research and deploy modern technologies or enhancements to support business objectives related to security detection, threat hunting, forensics, and response.Engage with data source & business SMEs (subject matter experts) in SVIC and InfoSec to build & improve methods for detecting and responding to security incidents in cloud (IaaS, SaaS, PaaS) environments.Study how attackers operate and their methods but also use your IT and networking expertise to build & improve detection logic and investigative procedures.Collaborate with your peers to evolve our operational processes & procedures towards improving efficiency & efficacy.Cultivate expertise in the technical subjects you are passionate about, to guide SVIC towards better ways in achieving our mission.Teach, mentor and support your peers in areas you have specialized knowledge or experience.Represent SVIC in collaboration with industry peers and in trusted working groups.Participate in a follow-the-sun on-call rotation.Minimum Qualifications:10+ years of experience in technical roles within Information Technology and/or Information Security.For Information Security experience, demonstrable skills in one or more of the following areas: SOC triage and analysis, detection engineering, threat hunting, or incident response.For Information Technology experience, demonstrable skills in working with one or more of the following areas: operating systems, networks, databases, and applications or platforms, both on-premises and cloud-native.Experience in one or more data analytics platforms or languages such as Splunk, Elastic Stack, Kusto Query Language (KQL), Structured Query Language (SQL), etc.Experience with a mix of red team or blue team tools such as Metasploit, C2 frameworks, Kali Linux, Security Onion, Burp Suite, Nessus, osquery, yara, sleuthkit, velociraptor, etc.Preferred Qualifications:Experience or familiarity with data centre orchestration platforms such as VMware, OpenShift, or OpenStack, and with application deployment through CI/CD pipelines.Experience or familiarity with cloud computing platforms and components such as AWS, Azure, GCP, Kubernetes, Terraform, etcExperience or familiarity with protocols & products used for authentication & authorization, like - Radius, TACAS+, Active Directory, LDAP, NTLM, Kerberos, SAML, OAuth, OpenID Connect, WebAuth etc.Agility in dealing with several types of security incidents concurrently and a curiosity to learn about the tools and technologies involved.Flexibility – willingness to pitch in where needed across program and team, and outside typical business hours.

Why Cisco?

At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint. Simply put – we power the future.

Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.

We are Cisco, and our power starts with you.