Security Architect

Job Description

Who We Are Cisco Cloud Security Group is at the forefront of developing cloud-delivered security needs and challenges of our customers. With annual revenue exceeding $200M, it is one of the fastest-growing businesses at Cisco. As Cisco is transforming its business model aggressively to software and recurring revenue model, our cloud security business is leading this journey with 100%+ YoY growth in software recurring revenue.What We Do The Cloud Security group focuses on developing solutions that provide Security as a Service to our customers. Our vision is to build the most comprehensive security solutions that are both easy to deploy and simple to manage. We are at the initial stages of this journey and looking for passionate and innovative engineers to help realize this vision. The notion of traditional perimeter-based Security is being disrupted. Since users, apps, and infrastructure have all moved to the cloud, Security must too. Welcome to the team of geeks passionate about solving this very problem and making the world a better place by making it a secure place.We have a highly scalable cloud infrastructure spread across 25 data centers where we run our cloud security applications that operate at massive scale - 100B+ requests per day from 65M daily active users.What You ll Do We are looking for a Security Architect who will be responsible for doing discovery in depth, implementing and developing automation around threat detection and response tools, queries, automation, and playbooks. You will work with an experienced Security Operations team and partner closely with Application Security, Offensive Security, Trust and Compliance, and Engineering.Roles and Responsibilities:

• Act as The Incident Response (IR) Lead with diverse skill set including Vulnerability Management, Security Operations Center (SOC), Forensics, and technical Subject Matter Expert (SME) advisory. The IR Lead is specifically tasked with managing all aspects of an Incident Response engagement to include incident validation, monitoring, containment, log analysis, system forensic analysis and reporting.
• The Incident Response Lead is also responsible for building the relationship with the client and client s counsel and to ensure the engagement s objectives and expectations are met and executed successfully as documented in the statement of work.
• You will leverage a solid foundation of technical expertise in Cybersecurity, Incident Response, and Digital Forensics to successfully execute your responsibilities.

Collaborate with the team to develop cutting-edge solutions for corporate data collection to Splunk Cloud. You will have the opportunity to work on projects that involve the latest technologies, such as serverless data collection using AWS Lambda and the development of microservices running on Kubernetes.Seize opportunities to automate Splunk administration and deployment workflows using your knowledge of DevOps tools (Ansible, Terraform, GitLab CI/CD pipelines), Python, REST APIs, and Splunks product portfolio.Develop, test, and deploy a variety of Splunk configurations, Splunk technology add-ons, modular inputs, external lookups, and custom search commands using Python and Splunk SDKs.Implement automated testing, continuous integration, and continuous deployment to streamline how we operate Splunk and data collection services internally.Who You Are You have extensive experience in designing and operating security operations processes at native cloud companies. You successfully established relationships with Engineering based on collaboration, empathy, and pursuit of excellence.

• Bachelors + 8 years of related experience or Masters + 6 years of related experience focused on security monitoring, automation, tools implementation, and development.
• 7+ years experience leading full-cycle incident response investigations and communicating with the client/counsel/carriers
• Experience leading scoping calls
• Strong background and practical hands on experience with Windows or Linux System and Network Administration, Security DevOps, Incident Response and Digital Forensics, or Security Engineering
• Must be eligible to work in the US without sponsorship
• Practical experience performing in a functional role including but not limited to one or more of the following disciplines; computer forensics, Incident Response, data analytics, Security Operations and Engineering, Digital Investigations
• Possesses strong verbal and written communication skills
• Strong knowledge of IT Security (encryption, firewalls, secure systems design, vulnerability management, secure software design, credential management, proxies, WAFs, etc.)
• Deep understanding of IT fundamentals, including Linux and Microsoft operating systems, networking, security, cloud (AWS), and database technologies (MySQL, Postgres)
• Excellent communication skills, both verbal and written; able to explain complex technical topics to both internal and external customers with ease
• A solid technical understanding of Splunk products
• Fully proficient in git and version control systems (GitLab, BitBucket, GitHub)
• Passionate about IT, technology, and following the latest industry trends
• Clear understanding of SOC2 / FedRAMP controls
• Experience with Docker, Kubernetes, and AWS is highly preferred
• Experience administering Linux systems
• Experience integrating systems with Hashicorp Vault
• Experience with load balancing technologies
• Experience developing content in Splunk ITSI a plus
• Certifications in Splunk, AWS, and/or Docker

Why Cisco We connect everything: people, processes, data, and things. We innovate everywhere, taking bold risks to shape the technologies that give us smart cities, connected cars, and handheld hospitals. And we do it in style with unique personalities who arent afraid to change the way the world works, lives, plays, and learns.Why Cisco Cloud SecurityCisco Cloud Security enables you to securely adopt the cloud and better manage Security for the way the world works today. It protects users against threats anywhere they access the internet and secures your data and applications in the cloud. You can also leverage the cloud to enhance Security through simplified policy management and dynamic threat intelligence. With Cisco Cloud Security, you gain complete visibility into internet activity across cloud applications, all office locations, and roaming devices, plus faster threat detection and response. Cisco Cloud Security provides an effective security platform that is open, automated, and simple to use. And it s backed by industry-leading threat information delivered by the Cisco Talos security intelligence and research group.We Are Cisco!,

Keyskills :
technical subject mattersiemmusic makingdocumentationsolution designaaasecurity as a servicesmart citiesdeliverylog analysissecurity operations centerit security