Security Incident Commander, Threat Management Response - Meraki
Cisco Systems
At Cisco Meraki, we know that technology can connect, empower, and drive us. Our mission is to simplify technology so our customers can focus on what's most significant to them: their students, patients, customers, and businesses. We're making networking easier, faster, and more sophisticated with technology that simply works.

At Meraki, you will be part of a tight-knit engineering organization working with hardworking, effective engineers. You will have significant influence over the tools we use to supervise and audit our systems and where we choose to deploy them, and you will be responsible for coordinating the response to security incidents. You will support other security teams in driving business-friendly security and process improvements. Finally, by developing our capabilities to promptly detect threats, you will have a direct, immediate, and positive impact on our customers and the hundreds of millions of users that rely on Meraki access points, switches, security appliances, and cameras every single day!

We are passionate about building real products that our customers love. We believe in fostering a positive culture by hiring, mentoring, and empowering thoughtful, conducive, humble people. With the support of management, we constantly look within for ways to improve organizationally. Finally, we maintain a positive relationship with Cisco that gives us the stability and resources of a larger company without sacrificing our startup culture. We are confident you will love it here!

The Threat Management Response team is responsible for 24x7x365 monitoring and rapid incident response for all Cisco Meraki environments. We are the last line of defense to protect the company and our customers' data from threat actors and adversaries. Incidents can happen at any time; as such, this position requires on-call work (including overnight and weekends) on an as-needed basis. The core hours for this position are 9:30 AM PST - 6:30 PM PST, Monday through Friday.

Key responsibilities:
- Serve on a rotation of security incident commanders, working with heads of every major product and engineering team to ensure quick mobilization for high-severity incidents
- Serve as incident commander when escalations from security analysts require immediate response
- Write SQL to search data warehouses and large datasets for signs of compromise
- Respond to high-severity incidents and handle the remediation process (e.g. malware analysis, large-scale phishing attacks, production intrusion, etc.)
- Familiarity with the following tools:
  - Security Incident and Event Monitoring (SIEM)
  - File Integrity Monitoring (FIM)
  - Vulnerability scanners, Endpoint Detection & Response (EDR), Security Orchestration, Automation & Response (SOAR)
  - Network and host intrusion detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
- Investigate security events for the following platforms and technologies:
  - Cloud (AWS, Azure, GCP)
  - Cisco physical and virtual network devices and platforms
- Assist with and perform digital forensics on host OS or cloud system infrastructure to identify IOCs and other signs of imminent security risk and threat
- Write response runbooks and author documentation on organizational response processes

You are an ideal candidate if you:
- Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
- Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior
- Have a calm, methodical approach to investigating potential threats
- Have a minimum of 5 years of professional experience in cybersecurity roles
- Have the ability to build and/or re-architect new and existing solutions within AWS to help tackle outstanding problems in Meraki's security logging or security investigation infrastructure
- Have expertise with observability and security tools like Splunk, ELK, Snowflake, or other searchable big data solutions
- Understand core cybersecurity concepts such as encryption, hashing, non-repudiation, vulnerability management, and least privilege
- Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response

Bonus points for:
- Relevant industry security certifications such as CISSP, SANS GIAC (e.g. GCIH, GNFA, GCFE, GCFA, GREM), AWS certifications (SAA, SAP, or SCS), etc.
- Familiarity with other security verticals such as digital forensics, threat intelligence, threat detection, application security, cloud security, and offensive security
- Working knowledge of detection tools, for example: Nessus, Qualys, OSSEC, osquery, Suricata, Threat Stack, AWS GuardDuty
- Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures