The Incident Detection and Response (ID&R) team provides visibility into security and compliance, performs incident response, and drives root cause analysis to improve Cisco’s security posture.

ID&R serves Cisco and its business entities to detect, respond, and mitigate security incidents, improve compliance and security posture, as well as ensure Cisco meets its regulatory and contractual obligations for data loss notification​.

• Splunk Domain Expert

  
  
  

• Learn and deploy new technologies as needed to support business objectives related to security detection and response.

  
  
  

• Update, modify, and enhance existing programs used for security detection and response.

  
  
  

• Lead software upgrades, evaluations of new versions of the software.

  
  
  

• Maintain the production security environment, including identification of problems and driving resolution.

  
  
  

• Maintain data availability as a part of a 24x7 duty rotation.

  
  
  

• Develop documentation on all custom solutions.

  
  
  

• Splunk Administration (minimum 4 years of experience)

  
  
  

• Splunk Enterprise Security configuration and tuning

  
  
  

• Splunk Cloud Administration

  
  
  

• Splunk SOAR

  
  
  

• Search Head Clustering

  
  
  

• Indexer Clustering

  
  
  

• Onboarding new data sources

  
  
  

• Patching, configuration, and maintenance

  
  
  

• Ability to automate recovery of frequent operational issues

  
  
  

• Administration of other SIEMs (ELK, ExaBeam, etc) is a plus

  
  
  

• Cloud platforms (AWS, GCP, Azure)

  
  
  

• Experience deploying in AWS (AMI, CloudFormation, etc.)

  
  
  

• Excellent communication skills and a self-starter

  
  
  

• Using GitHub repositories

  
  
  

• Jira Service Desk, ServiceNow for issue tracking and resolution

  
  
  

• Experience with Linux/UNIX systems and the standard methodologies for deploying applications to those stacks.

  
  
  

• Experience writing in Python (Perl also useful)

  
  
  

• Web services and APIs in RESTful and SOAP

  
  
  

• Agility and willingness to deal with a high level of ambiguity and change

  
  
  

• Flexibility – willingness to pitch in where needed across program and team

  
  
  

• Global teaming skills and ability to focus the team to deliver to timelines

  
  
  

• Ability to multi-task

  
  
  

• Splunk Cloud Certified Administrator (required)

  
  
  

• Splunk Enterprise Certified Architect (preferred)

  
  
  

• AWS Certified Solutions Architect (preferred)

  
  
  

At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.

Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere. 

We are Cisco, and our power starts with you.