Head of Threat Response - Meraki - Military Veterans

At Cisco Meraki, we are known for simplifying technology through our products and services - and for the people behind them. As the fastest growing cloud-managed networking team in the world, our technology architecture is changing the face of networking and making cloud-managed IT a reality. Our employees' groundbreaking ideas impact everything we do. Here, that means we take innovative ideas from the drawing board to solutions that have a real-world impact. You'll be part of a diverse and inclusive engineering team that have a direct, immediate, and positive impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, and cameras every day.

The Threat Management Response team stands as the last line of defense, providing round-the-clock monitoring and rapid incident response to safeguard our company and customers' data against evolving threats. If you're passionate about incident response, incident command, and want to make a tangible impact, this is the role for you! Join us, and you'll help craft our strategy, refine our playbooks, and improve our response processes-driving meaningful change in how we combat security threats. Be a crucial part of our mission to protect and innovate!

Incidents can occur at any time, so this role requires on-call availability (including occasional overnight and weekend shifts) as needed.

Key responsibilities:

• Serve on a rotation of security crisis commanders, working with heads of every major product and engineering team as well as Cisco to ensure a quick mobilization for critical-severity incidents
  
• Serve as an escalation point for incident commanders when escalations require immediate response
  
• Familiarity with the following tools:
  
• Security Incident and Event Monitoring (SIEM)
  
• File Integrity Monitoring (FIM)
  
• Vulnerability Scanners, Endpoint Detection & Response (EDR), Security Orchestration, Automation & Response (SOAR)
  
• Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
  
• Investigate security events for the following platforms and technologies:
  
• Cloud (AWS, Azure, GCP)
  
• Cisco physical and virtual network devices and platforms
  
• Previous experience with building and running a digital forensics program
  
• Developing OKRs and program goals to mature incident response programs
  
• Leading, mentoring, and growing managers and engineers
  

You are an ideal candidate if you:

• Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
  
• Have experience helping teams scope threat hunts, projects, incident response action plans
  
• Have a calm methodical approach to leading teams investigating potential threats
  
• Have minimum of 5 years leadership in cybersecurity roles professionally managing global teams with 25 or more team members
  
• Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response
  
• Familiarity with SQL to search data warehouses and large datasets for signs of compromise
  
• Familiarity with Splunk Query Language
  

Bonus points for:

• Industry-recognized certifications such as CISSP, SANS GIAC (e.g., GCIH, GNFA, GCFE, GCFA, GREM), and AWS certifications (SAA, SAP, or SCS).
  
• Familiarity with other security fields, including Digital Forensics, Threat Intelligence, Threat Detection, Application Security, Cloud Security, and Offensive Security.
  
• Familiarity with detection tools like Nessus, Qualys, OSSEC, Osquery, Suricata, and AWS Guard Duty.
  
• Coding/scripting experience in one or more languages.
  
• Experience demonstrating web application attacks like SQL Injection, XSS, and CSRF.
  
• Familiarity with IoT platforms, large-scale distributed systems, and client-server architectures.
  

Message to applicants applying to work in the U.S. and/or Canada:

When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.

U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings.

Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday (for non-exempt employees), plus a day off for their birthday. Non-Exempt new hires accrue up to 16 days of vacation time off each year, at a rate of 4.92 hours per pay period. Exempt new hires participate in Cisco's flexible Vacation Time Off policy, which does not place a defined limit on how much vacation time eligible employees may use, but is subject to availability and some business limitations. All new hires are eligible for Sick Time Off subject to Cisco's Sick Time Off Policy and will have eighty (80) hours of sick time off provided on their hire date and on January 1st of each year thereafter. Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours. Employees in Illinois have a unique time off program designed specifically with local requirements in mind. All employees also have access to paid time away to deal with critical or emergency issues. We offer additional paid time to volunteer and give back to the community.

Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco typically pays as follows:

.75% of incentive target for each 1% of revenue attainment up to 50% of quota;

1.5% of incentive target for each 1% of attainment between 50% and 75%;

1% of incentive target for each 1% of attainment between 75% and 100%; and once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.

For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.