Security Incident Commander, Threat Management Response (Remote)

Posted 18 Days Ago
Easy Apply
Be an Early Applicant
Hiring Remotely in Japan
Remote
Senior level
Hardware • Information Technology • Security • Software • Cybersecurity • Conversational AI
Cisco Meraki simplifies powerful technology so that passionate people can focus on their mission.
The Role
As a Security Incident Commander, you will oversee the incident response process, work with engineering teams during high-severity incidents, and execute investigations using SQL on various security platforms including cloud technologies. You will help craft strategies, develop playbooks, and perform digital forensics to enhance overall security measures.
Summary Generated by Built In

At Cisco Meraki, we are known for simplifying technology through our products and services - and for the people behind them. As the fastest growing cloud-managed networking team in the world, our technology architecture is changing the face of networking and making cloud-managed IT a reality. Our employees' groundbreaking ideas impact everything we do. Here, that means we take innovative ideas from the drawing board to solutions that have a real-world impact. You'll be part of a diverse and inclusive engineering team that have a direct, immediate, and positive impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, and cameras every day.

The Threat Management Response team stands as the last line of defense, providing round-the-clock monitoring and rapid incident response to safeguard our company and customers’ data against evolving threats. If you’re passionate about incident response, incident command, and want to make a tangible impact, this is the role for you! Join us, and you’ll help craft our strategy, refine our playbooks, and improve our response processes—driving meaningful change in how we combat security threats. Be a crucial part of our mission to protect and innovate!

Incidents can occur at any time, so this role requires on-call availability (including occasional overnight and weekend shifts) as needed. The core working hours for this position are Monday through Friday, 9:30 AM to 6:30 PM, based on your local time zone.

Key responsibilities:

  • Serve on a rotation of security incident commanders, working with heads of every major product and engineering team to ensure a quick mobilization for high-severity incidents
  • Serve as incident commander when escalations from security analysts require immediate response
  • Write SQL to search data warehouses and large datasets for signs of compromise
  • Respond to high severity incidents and handle the remediation process. (e.g. Malware analysis, large scale phishing attacks, production intrusion, etc.)
  • Familiarity with the following tools:
    • Security Incident and Event Monitoring (SIEM)
    • File Integrity Monitoring (FIM)
    • Vulnerability Scanners, Endpoint Detection & Response (EDR), Security Orchestration, Automation & Response (SOAR)
    • Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
  • Investigate security events for the following platforms and technologies:
    • Cloud (AWS, Azure, GCP)
    • Cisco physical and virtual network devices and platforms
  • Assist with and perform digital forensics on host OS or cloud system infrastructure to identify IOCs and other signs of imminent security risk and threat
  • Write response runbooks and author documentation on organizational response processes

You are an ideal candidate if you:

  • Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
  • Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior
  • Have a calm methodical approach to investigating potential threats
  • Have minimum of 5 years worked in cybersecurity roles professionally
  • Have the ability to build and/or re-architect new and existing solutions within AWS to help tackle problems outstanding to Meraki’s security logging or security investigation infrastructure
  • Expertise with observability and security tools like Splunk, ELK, Snowflake or other searchable big data solutions
  • Understand core cybersecurity concepts such as encryption, hashing, non-repudiation, vulnerability management, and least privilege
  • Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response

Bonus points for:

  • Industry-recognized certifications such as CISSP, SANS GIAC (e.g., GCIH, GNFA, GCFE, GCFA, GREM), and AWS certifications (SAA, SAP, or SCS).
  • Familiarity with other security fields, including Digital Forensics, Threat Intelligence, Threat Detection, Application Security, Cloud Security, and Offensive Security.
  • Networking expertise with LAN/WAN routing and high-availability routing protocols like OSPF, BGP4/iBGP, EIGRP, and NSRP.
  • In-depth knowledge of detection tools like Nessus, Qualys, OSSEC, Osquery, Suricata, and AWS Guard Duty.
  • Coding/scripting experience in one or more languages.
  • Experience demonstrating web application attacks like SQL Injection, XSS, and CSRF.
  • Familiarity with IoT platforms, large-scale distributed systems, and client-server architectures.


At Cisco Meraki, we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.

Message to applicants applying to work in the U.S. and/or Canada: 
When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.

U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings. Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday, plus a day off for their birthday. Employees accrue up to 20 days of Paid Time Off (PTO) each year and have access to paid time away to deal with critical or emergency issues without tapping into their PTO. We offer additional paid time to volunteer and give back to the community. Employees are also able to purchase company stock through our Employee Stock Purchase Program.

Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco pays at the standard rate of 1% of incentive target for each 1% revenue attainment against the quota up to 100%.  Once performance exceeds 100% quota attainment, incentive rates may increase up to five times the standard rate with no cap on incentive compensation. For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.     

  

Top Skills

SQL

What the Team is Saying

Priya Selvarathinavel
Lena Zell
Corey Dettmann
Robbie Singley
Melody Bonet
May Chhom
The Company
HQ: San Francisco , CA
3,000 Employees
Hybrid Workplace
Year Founded: 2006

What We Do

Meraki is a Greek word meaning “something done with soul, creativity, or love.” With this name as our mantra, we’re building a welcoming workplace that attracts eclectic, curious, purposeful people who unite to ignite our customers’ passions. Together, we create powerful, simple technology with the potential to change everything.

Why Work With Us

We believe that when passionate people are able to spend less time struggling with technology, they can spend more time on what matters—like teaching kids, running businesses, keeping airports safe, and connecting disaster victims with relief. That’s the real power of simplicity.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Cisco Meraki Teams

Team
Meet Meraki's Engineering Team
About our Teams

Cisco Meraki Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
Company Office Image
HQCisco Meraki San Francisco Office
Company Office Image
Cisco Merak Bengaluru Office
Company Office Image
Cisco Meraki Mexico City Office
Company Office Image
Cisco Meraki Chicago Office
Company Office Image
Cisco Meraki London Office
Cisco Meraki Sydney Office
Learn more

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account