Threat Hunting Detection Engineer
Cisco · Bangalore, India · Posted 5 March 2026
Job Description

Meet the Team
Cisco's Security Visibility and Incident Command (SVIC) forms part of the monitoring & response branch of Cisco's Security and Trust Organization (S&TO) and is Cisco's cyber investigations and forensics team. We provide Cisco with security threat detection, compliance monitoring, vulnerability discovery and response services to protect Cisco's digital landscape from attacks, abuse, reputational harm, and loss of its intellectual assets. The primary mission of SVIC is to help ensure system and data risk management by performing comprehensive investigations into cyber security incidents, and to assist in the prevention of such incidents by engaging in dedicated threat assessment, mitigation planning, incident trend analysis, and security architecture review. We are a highly-functioning, diverse, and globally distributed group of committed professionals from various technical backgrounds. We are Open-Source Software contributors, technical authors, tool builders, DFIR (Digital Forensics & Incident Response) community members, lock pickers, makers, and breakers.

Your Impact
SVIC is looking for an experienced security professional to join our Cyber Detection Engineering Team. This is an opportunity to contribute to a highly visible security operations function with global impact upon Cisco, its diversified business, business units, service ventures, partners, and customers. We are seeking a motivated and analytical security specialist who thrives on understanding attacker methodologies to build robust and proactive detection capabilities. Our engineers excel at designing, developing, and deploying security detections that identify threats across complex systems. You have a strong interest in complex problem solving, with an ability to challenge assumptions and consider alternative perspectives while mastering the craft of security detection. You are forward-thinking and act as a key contributor in strengthening Cisco's defensive posture, operating exceedingly well in a strong, tight-knit, collaborative team environment.

Responsibilities
* Design, develop, and implement security detection rules, signatures, and use cases across various security platforms (SIEM, EDR, IDS/IPS, Cloud Native Security Tools).
* Translate threat intelligence and adversary tools, tactics & procedures (TTPs) into actionable detection logic.
* Perform continuous tuning and optimization of existing detection rules to reduce false positives and improve detection efficacy.
* Collaborate with Threat Hunters and Incident Responders to understand emerging threats and incident patterns, incorporating lessons learned into new detection strategies.
* Engage with data source & business SMEs (subject matter experts) in SVIC and InfoSec to build & improve methods for detecting security incidents in cloud (IaaS, SaaS, PaaS) environments.
* Research and deploy modern technologies or enhancements to support business objectives related to security detection, threat hunting, forensics, and response.
* Study how attackers operate and their methods, and use your IT and networking expertise to build & improve detection logic and investigative procedures.
* Collaborate with your peers to evolve our operational processes & procedures towards improving efficiency & efficacy.
* Cultivate expertise in the technical subjects you are passionate about, to guide SVIC towards better ways in achieving our mission.
* Teach, mentor and support your peers in areas you have specialized knowledge or experience.
* Represent SVIC in collaboration with industry peers and in trusted working groups.
* Participate in a follow-the-sun on-call rotation.

Minimum Qualifications
* Minimum of 5-6 years of hands-on experience in security detection engineering, incident handling, or a closely related cyber security role.
* Self-Starter, Go-Getter & Self-Learner.
* Superb communication (verbal and written) skills.
* Reasonable scripting/coding abilities (e.g., Python, PowerShell) and an eye for ... (truncated, view full listing at source)