Senior Cybersecurity Threat Investigator

Apply
  • Location:
    Offsite, San Jose, California, US
  • Alternate Location
    Remote US
  • Area of Interest
    Security
  • Compensation Range
    155900 USD - 195200 USD
  • Job Type
    Professional
  • Technology Interest
    Security
  • Job Id
    1438379

The application window is expected to close on: 4/30/2025.

Job posting may be removed earlier if the position is filled or if a sufficient number of applications are received.

The successful applicant will be performing work in FedRAMP High or IL-5 environments, and therefore, must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil. 

Meet the Team

Security Visibility and Incident Command (SVIC) is part of the investigative branch of Cisco's Security and Trust Organization (S&TO) and serves as Cisco's information security, cyber investigations, and forensics team. We provide Cisco with tailored security monitoring services to protect the company from cyber-attacks and the loss of its intellectual assets. The primary mission of SVIC is to ensure company, system, and data preservation by performing comprehensive investigations into computer security incidents. Our mission also extends to assisting in the prevention of such incidents by engaging in root cause analysis, dedicated threat assessment, mitigation planning, and architectural review. SVIC is a highly skilled, diverse, and globally distributed group of outstanding professionals from a wide variety of technical backgrounds. We are open-source software contributors, technical authors, tool builders, DFIR community members, lock pickers, makers, and breakers. SVIC is looking for an experienced security professional to join our Security Investigations Team, which is our top-tier investigative body.

Your Impact

This is an opportunity to contribute to a highly transparent security operations function with global impact upon Cisco, its diversified business, business units, service ventures, partners, and customers. We are looking for a motivated and experienced security engineer who thinks like an attacker but has the heart of a defender. Our investigators thrive on understanding complex systems and how they can be broken. Additionally, candidates with diverse technical backgrounds such as system, network, and database administrators make phenomenal security investigators, whether they realize it or not. As a great candidate for this role, you have a strong interest in complex problem solving, with an ability to challenge assumptions and consider alternative perspectives. You are forward-thinking and act as the voice of reason and calm during high-stakes situations, while operating exceedingly well in a strong, tight-knit, collaborative team environment.

  • Respond to and investigate computer security incidents, assessing the scope of impact and guiding the teams involved in the investigation to containment and resolution.
  • Communicate incident root cause analysis with management and partner teams.
  • Research and deploy new technologies as needed to support business objectives related to security detection, threat hunting, forensics and response.
  • Collaborate with data source SMEs in SVIC and InfoSec to enhance, improve, or modify cloud-based security detection and response.
  • Continuously strive to improve processes for high-accuracy attack detection and response as attacker tactics and techniques evolve, setting up our SOC Analysts for success.
  • Apply and cultivate your expertise in the subject areas you are passionate about, to guide SVIC towards innovative ways of doing things.
  • Participate in a follow-the-sun on-call rotation.
  • As a senior member of SVIC, guide and mentor our security analysis / detection engineers.

Minimum Qualifications:

  • 7+ years' experience in technical roles in Information Technology and / or Information Security or Cybersecurity. 
  • Experience in networking and core Internet protocols (e.g., TCP/IP, DNS, SMTP, HTTP, and distributed networks). 
  • Experience with Linux/UNIX systems and the standard methodologies for deploying applications to those stacks. 
  • Experienced in data querying and data analysis.
  • Experience working with third party cloud and virtualization platforms, e.g. AWS, GCP, Azure, VMware

Preferred Qualifications:

  • Reasonable scripting/coding abilities to effectively recognize and implement automation opportunities.
  • Familiarity with Windows Server and Active Directory administration 

Why Cisco? 

#WeAreCisco. We are all unique, but collectively we bring our talents to work as a team, to develop innovative technology and power a more inclusive, digital future for everyone. How do we do it? Well, for starters – with people like you!

Nearly every internet connection around the world touches Cisco. We’re the Internet’s optimists. Our technology makes sure the data traveling at light speed across connections does so securely, yet it’s not what we make but what we make happen which marks us out. We’re helping those who work in the health service to connect with patients and each other; schools, colleges, and universities to teach in even the most challenging of times. We’re helping businesses of all shapes and sizes to connect with their employees and customers in new ways, providing people with access to the digital skills they need and connecting the most remote parts of the world – whether through 5G, or otherwise.

We tackle whatever challenges come our way. We have each other’s backs, we recognize our accomplishments, and we grow together. We celebrate and support one another – from big and small things in life to big career moments. And giving back is in our DNA (we get 10 days off each year to do just that).

We know that powering an inclusive future starts with us. Because without diversity and a dedication to equality, there is no moving forward. Our 30 Inclusive Communities, that bring people together around commonalities or passions, are leading the way. Together we’re committed to learning, listening, caring for our communities, whilst supporting the most vulnerable with a collective effort to make this world a better place either with technology, or through our actions. 

So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us! #WeAreCisco 

Message to applicants applying to work in the U.S. and/or Canada:

When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.

U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings.

Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday (for non-exempt employees), plus a day off for their birthday. Non-Exempt new hires accrue up to 16 days of vacation time off each year, at a rate of 4.92 hours per pay period. Exempt new hires participate in Cisco’s flexible Vacation Time Off policy, which does not place a defined limit on how much vacation time eligible employees may use, but is subject to availability and some business limitations. All new hires are eligible for Sick Time Off subject to Cisco’s Sick Time Off Policy and will have eighty (80) hours of sick time off provided on their hire date and on January 1st of each year thereafter.  Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours. Employees in Illinois have a unique time off program designed specifically with local requirements in mind. All employees also have access to paid time away to deal with critical or emergency issues. We offer additional paid time to volunteer and give back to the community.

Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco typically pays as follows:

.75% of incentive target for each 1% of revenue attainment up to 50% of quota;

1.5% of incentive target for each 1% of attainment between 50% and 75%;

1% of incentive target for each 1% of attainment between 75% and 100%; and once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.

For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.

Share

Apply