The Security Visibility & Incident Command (SVIC) team provides visibility into security and compliance, performs incident response, and drives root cause analysis to improve Cisco’s security posture.
SVIC serves Cisco and its business entities to detect, respond to, and mitigate security incidents, improve compliance and security posture, and ensure Cisco meets its regulatory and contractual obligations for data loss notification.

Responsibilities
Splunk Domain Expert
Learn and deploy new technologies as needed to support business objectives related to security detection and response.
Update, modify, and enhance existing programs used for security detection and response.
Lead software upgrades and evaluations of new versions of the software.
Maintain the production security environment, including identification of problems and driving resolution.
Develop documentation on all custom solutions.

Desired Skills
Splunk Administration (minimum 4 years of experience)
Splunk Enterprise Security configuration and tuning
Splunk SOAR
Search Head Clustering
Indexer Clustering
Onboarding new data sources
Patching, configuration, and maintenance
Ability to automate recovery of frequent operational issues
Administration of other SIEMs (ELK, ExaBeam, etc.) is a plus
Cloud platforms (AWS, GCP, Azure)
Experience deploying in AWS (AMI, CloudFormation, etc.)
Excellent communication skills and a self-starter
Using GitHub repositories
Jira Service Desk, ServiceNow for issue tracking and resolution
Experience with Linux/UNIX systems and the standard methodologies for deploying applications to those stacks
Experience writing in Python (Perl also useful)
Web services and APIs, as in RESTful and SOAP
Agility and willingness to deal with a high level of ambiguity and change
Flexibility: willingness to pitch in where needed across program and team
Global teaming skills and ability to focus the team to deliver to timelines
Ability to multi-task
Chinese Citizenship is required due to the nature of work this position will perform

Certifications
Splunk Enterprise Certified Administrator (required)
Splunk Enterprise Certified Architect (preferred)
AWS Certified Solutions Architect (preferred)

Why Cisco?
We are a relentlessly curious, collaborative, and inclusive team that celebrates creativity, diversity, and innovation. #WeAreCisco

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case-by-case basis, qualified applicants with arrest and conviction records.