Security Incident Commander, Threat Management Response

2 months ago


Sydney, Australia Cisco Full time

At Cisco Meraki, we are known for simplifying technology through our products and services - and for the people behind them. As the fastest growing cloud-managed networking team in the world, our technology architecture is changing the face of networking and making cloud-managed IT a reality. Our employees' groundbreaking ideas impact everything we do. Here, that means we take innovative ideas from the drawing board to solutions that have a real-world impact. You'll be part of a diverse and inclusive engineering team that has a direct, immediate, and positive impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, and cameras every day.

The Threat Management Response team stands as the last line of defense, providing round-the-clock monitoring and rapid incident response to safeguard our company and customers’ data against evolving threats. If you’re passionate about incident response, incident command, and want to make a tangible impact, this is the role for you. Join us, and you’ll help craft our strategy, refine our playbooks, and improve our response processes—driving meaningful change in how we combat security threats. Be a crucial part of our mission to protect and innovate.

Incidents can occur at any time, so this role requires on-call availability (including occasional overnight and weekend shifts) as needed. The core working hours for this position are Monday through Friday, 9:30 AM to 6:30 PM AEDT, based on your local time zone.

Key responsibilities:

  • Serve on a rotation of security incident commanders, working with heads of every major product and engineering team to ensure a quick mobilization for high-severity incidents
  • Serve as incident commander when escalations from security analysts require immediate response
  • Write SQL to search data warehouses and large datasets for signs of compromise
  • Respond to high-severity incidents and handle the remediation process (e.g. malware analysis, large-scale phishing attacks, production intrusion, etc.)
  • Familiarity with the following tools:
      • Security Incident and Event Monitoring (SIEM)
      • File Integrity Monitoring (FIM)
      • Vulnerability Scanners, Endpoint Detection & Response (EDR), Security Orchestration, Automation & Response (SOAR)
      • Network and Host Intrusion Detection (IDS) such as SNORT/Sourcefire, Palo Alto, etc.
  • Investigate security events for the following platforms and technologies:
      • Cloud (AWS, Azure, GCP)
      • Cisco physical and virtual network devices and platforms
  • Assist with and perform digital forensics on host OS or cloud system infrastructure to identify IOCs and other signs of imminent security risk and threat
  • Write response runbooks and author documentation on organizational response processes

You are an ideal candidate if you:

  • Understand common threat actor tactics, techniques, and procedures (TTPs) and how they are chained together
  • Have experience leading threat hunts, using available logs and threat intelligence to proactively identify and investigate potential risks and suspicious behavior
  • Have a calm, methodical approach to investigating potential threats
  • Have a minimum of 5 years of professional experience in cybersecurity roles
  • Have the ability to build and/or re-architect new and existing solutions within AWS to help tackle outstanding problems in Meraki’s security logging or security investigation infrastructure
  • Have expertise with observability and security tools like Splunk, ELK, Snowflake or other searchable big data solutions
  • Understand core cybersecurity concepts such as encryption, hashing, non-repudiation, vulnerability management, and least privilege
  • Understand major security compliance frameworks such as PCI, SOC 2, and FedRAMP as they relate to incident monitoring and response

Bonus points for:

  • Industry-recognized certifications such as CISSP, SANS GIAC (e.g., GCIH, GNFA, GCFE, GCFA, GREM), and AWS certifications (SAA, SAP, or SCS).
  • Familiarity with other security fields, including Digital Forensics, Threat Intelligence, Threat Detection, Application Security, Cloud Security, and Offensive Security.
  • Networking expertise with LAN/WAN routing and high-availability routing protocols like OSPF, BGP4/iBGP, EIGRP, and NSRP.
  • In-depth knowledge of detection tools like Nessus, Qualys, OSSEC, Osquery, Suricata, and AWS GuardDuty.
  • Coding/scripting experience in one or more languages.
  • Experience demonstrating web application attacks like SQL Injection, XSS, and CSRF.
  • Familiarity with IoT platforms, large-scale distributed systems, and client-server architectures.

At Cisco Meraki, we’re challenging the status quo with the power of diversity, inclusion, and collaboration. When we connect different perspectives, we can imagine new possibilities, inspire innovation, and release the full potential of our people. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.


