The Cisco Security Business Group (SBG) focuses on empowering the world to reach its full potential, securely, through the Cisco Secure products. The SBG Security team supports this mission by building thoughtful partnerships with our internal partners to drive security strategy alignment across the SBG portfolio. Through these efforts, we are able to deliver simple, effective security solutions for our internal customers that meet both market and industry expectations.

Our team's mission is to become our internal customers' most trusted partners by building best-in-class security programs that shape the market with our research, make it easy for our customer teams within Cisco to develop secure software, protect our most valuable information and customer assets, and enable SBG employees to work securely as they deliver Cisco Secure products including Duo, Umbrella, SecureX, Talos, Amp for Endpoints, StealthWatch, Tetration, and beyond.

#WeAreCisco, where each person is unique and our team is our secret weapon. We run the spectrum from artists to analysts, low-key to high energy, and bring together a diversity of skill sets, experiences, and perspectives to solve the sophisticated problems that come with securing a growing business. Together we build solutions that are easy, effective, trustworthy, and enduring.

We are looking for a Senior Security Analyst to join the team responsible for incident response, vulnerability management, and security awareness training for the Duo business unit. In this role, you will need to stay on top of the latest threats and trends in order to keep Duo's infrastructure, services, endpoints, networks, and accounts secure.

What you will do:
- Perform incident response activities in support of the product and enterprise systems and services
- Respond to security tickets from employees
- Perform vulnerability management functions, including Qualys scanning and vulnerability response management
- Investigate alerts
- Develop, maintain, and deliver security awareness training content in partnership with the Security Education program
- Create and maintain current documentation (playbooks for IR, common ticket types, etc.)
- Seize opportunities to automate Splunk administration and deployment workflows using your knowledge of DevOps tools (Ansible, Terraform, GitLab CI/CD pipelines), Python, REST APIs, and Splunk's product portfolio.
- Develop, test, and deploy a variety of Splunk configurations, Splunk technology add-ons, modular inputs, external lookups, and custom search commands using Python and Splunk SDKs.
- Implement automated testing, continuous integration, and continuous deployment to streamline how we operate Splunk and data collection services internally.
- Provide exceptional customer service to Duo employees, partners, and customers
- Significant experience as an analyst with proven coaching and mentoring skills
- Significant experience leading incident response, vulnerability management, and security awareness training in fast-paced and highly dynamic organizations
- Experience collaborating successfully with a diverse set of stakeholders including security, compliance, engineering, and IT teams
- Significant experience with cloud-based security operations and securing public cloud infrastructure
- Deep knowledge of, and hands-on experience performing vulnerability scanning with Qualys
- Deep knowledge of, and hands-on experience performing log analysis, threat hunting, and alert building with Splunk.
- A passion for spreading security awareness to everyone you meet
- A vision for what a successful security operations program looks like and the maturation steps necessary to achieve this state