Security Engineer - Automation (Python, LLM | Data Science | 4 - 8 Years)
Bangalore, India · On-site · Full-time · 6d ago
Cisco’s Security Visibility and Incident Command (SVIC) is looking for a highly skilled Automation Engineer/Developer to join our dynamic security operations team. The successful candidate will be at the forefront of designing, developing, and implementing innovative automation solutions for our security operations center. We are seeking an individual with robust knowledge across various information technology domains, including development, AI, data science, data analysis, and security. The candidate will work independently and with other team members to design, deploy, improve, and support solutions for security event detection, analysis, incident response, investigations, and forensics.
Meet The Team:
Cisco's Security Visibility and Incident Command Team (SVIC) is recognized across the globe as a leader in Information Security and Incident Response operations. Our team of ~120 people comprises industry veterans, world-class security experts and authors, and up-and-coming security professionals. We are the investigative branch of Cisco's Security and Trust Organization (S&TO) and provide Cisco with tailored security monitoring and response services to protect from network attacks and intellectual asset loss. We welcome versatile and driven individuals to be part of our premier team.
Your Impact
The ideal candidate must enjoy working in a fast-paced, dynamic environment with a "take-charge" / "can-do" demeanor and be able to demonstrate flexibility and resiliency. The successful candidate must be self-sufficient and able to work with minimal direction, and will work with geographically distributed teams across different time zones. Your primary focus will be on demonstrating automation to analyze large datasets, develop sophisticated detection models, and implement data-driven security solutions.
The responsibilities of the position include the following:
- Design, develop, and maintain automation for log ingestion, normalization, enrichment, and transformation across diverse data sources and formats, with strong data quality controls.
- Engineer, test, deploy, and maintain automated detections in SIEM/SOAR ecosystems, including rule/playbook development, tuning, and lifecycle management to reduce false positives.
- Leverage AI and data science techniques (for example, anomaly detection, supervised/unsupervised learning, embeddings, NLP) to improve detection coverage, precision, and time-to-detect.
- Develop reusable playbooks and workflows in SOAR and workflow tools (for example, Tines, n8n) to automate triage, enrichment, notification, containment actions, and approvals.
- Automate case and ticket lifecycle management, including creation, enrichment, correlation, de-duplication, SLA tracking, and closure in systems such as ServiceNow, Jira, or Mission Control.
- Build robust integrations with APIs, webhooks, and event buses to connect SIEM, EDR, IAM, cloud, ITSM, and messaging platforms.
- Implement CI/CD practices for automations and detections, including version control, code reviews, automated testing, packaging, and staged deployments.
- Monitor and improve automation reliability and performance using metrics, logging, alerting, and SLOs; maintain runbooks and on-call support documentation.
- Collaborate with SOC analysts, incident responders, and threat intelligence teams to translate manual procedures into resilient automations mapped to frameworks such as MITRE ATT&CK.
- Ensure secure development and operational practices, including least-privilege access, secrets management, auditability, and compliance with data handling policies.
- Analyze and interpret large data sets to identify trends and insights that inform detection content and automation opportunities.
- Document architectures, detection logic, playbooks, and runbooks; contribute to knowledge sharing and enablement across the team.
Minimum Qualifications:
- BS/MS in computer/data science or related degree and 4-8 years of experience.
- Strong proficiency in programming/scripting languages such as Python, Bash, SPL, and SQL.
- Demonstrated experience designing and deploying security automations and SOAR playbooks in platforms such as Tines, n8n, Splunk SOAR (Phantom), or Cortex XSOAR.
- Familiarity with SIEM platforms such as Splunk, ELK, Microsoft Sentinel, or QRadar, including detection content development and tuning.
- Data analysis and prototyping with Jupyter Notebooks, pandas, NumPy, or PySpark. Containerization and infrastructure tooling such as Docker, Kubernetes, and Terraform.
- Broad knowledge and experience across software development, security operations, data engineering, and analytics.
- Hands-on experience with SIEM content development, detection engineering, and tuning techniques.
- Solid understanding of cloud infrastructure services, such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
- AI/ML libraries and tooling such as scikit-learn, TensorFlow, or PyTorch for applied detection use cases.
- Event streaming and data pipelines using Kafka, Kinesis, Pub/Sub, or Azure Event Hubs; orchestration with Airflow or similar tools.
- API integration patterns including REST/GraphQL, webhooks, OAuth 2.0, and JSON serialization.
- Strong problem resolution/analytical skills required to understand complex system interactions.
- Strong work prioritization, planning, organizational, documentation, and troubleshooting skills.
Preferred Qualifications:
In addition to the above requirements, the ideal candidate should also possess one or more of the following competencies:
- Cloud and Security certifications (for example, AWS, Azure, GCP, Security+, CISSP, GIAC).
- Vendor or platform certifications relevant to SIEM/SOAR or ITSM (for example, Splunk, Elastic, Microsoft Sentinel, ServiceNow).
S&TO
Why Cisco?
At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.
Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.
We are Cisco, and our power starts with you.
About Cisco

Cisco (Public)
Cisco Systems, Inc. is an American multinational technology conglomerate corporation that develops, manufactures, and sells hardware, software, telecommunications equipment and other high-technology services and products focused on networking, cyber security and AI.
- Employees: 10,001+
- Headquarters: Bangalore
- Valuation: $317B
Reviews
Overall: 3.4 (3 reviews)
- Work Life Balance: 2.0
- Compensation: 3.0
- Culture: 2.5
- Career: 2.5
- Management: 2.0
- Recommend to a Friend: 25%
Pros
- Respectable company reputation
- Good for resume/interviews
- Recognized brand name
Cons
- Poor communication/ghosting candidates
- Work-life balance concerns
- Overwork culture
Salary Ranges (0 data points)
Levels: L2, L3, L4, L5, L6
L2 · Security L2 (0 reports)
- Total / year: $108,550
- Base: $43,420
- Stock: $54,275
- Bonus: $10,855
- $75,985 · $141,115
Interview Experience (4 interviews)
- Difficulty: 3.0 / 5
- Duration: 14-28 weeks
- Experience: Positive 0%, Neutral 25%, Negative 75%
Interview Process
1. Application Review
2. Phone Screen
3. Technical Interview Round 1
4. Technical Interview Round 2
5. Behavioral Interview
6. Team Matching
7. Final Round
Common Questions
- Coding/Algorithm
- System Design
- Behavioral/STAR
- Technical Knowledge