Data Engineer, Incident response

The application window is expected to close on: October 16th, 2025

NOTE: Job posting may be removed earlier if the position is filled or if a sufficient number of applications are received.

The successful applicant will provide ownership of and be performing work in FedRAMP or IL-5 type environments, and therefore, must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil.

Meet the Team

The Security Visibility & Incident Command (SVIC) team provides visibility into security and compliance, performs incident response, and drives root cause analysis to improve Cisco's security posture. SVIC serves Cisco and its business entities by detecting, responding to, and mitigating security incidents, improving compliance and security posture, and ensuring Cisco meets its regulatory and contractual obligations for data loss notification.

Your Impact

You will design and optimize data pipelines to provide actionable intelligence for security and compliance operations. You’ll work with large-scale data across diverse sources, using Splunk as a primary platform for storage, transformation, and analysis. This is a high-impact role where your ability to ensure performance, scalability, and reliability will directly strengthen Cisco’s security capabilities.

Responsibilities include:

• Designing, building, and maintaining scalable data pipelines for ingesting, transforming, and storing large volumes of data in Splunk.
• Using Splunk Enterprise, SPL (Search Processing Language), and technical add-ons to perform advanced data transformations and enrichments.
• Collaborating with partners to define requirements and ensure seamless integration of new data sources.
• Ensuring compliance with data governance and security standards in all engineering work.
• Implementing and monitoring data quality and validation processes for accuracy and reliability.
• Solving Splunk ingestion pipeline issues and performance bottlenecks.
• Working with security engineering teams to define and enforce logging standards.
• Staying up to date with Splunk features, add-ons, and protocols to bring innovation to the SVIC team.

Minimum Qualifications

• 3–4 years of experience in Splunk administration (either on-prem or cloud).
• Experience with Splunk SOAR (formerly Phantom), Search Head Clustering, and Indexer Clustering.
• Ability to design, implement, and maintain data pipelines at scale in Splunk.
• Familiarity with other SIEM platforms such as ELK or Exabeam.
• Proficiency in Linux/UNIX administration for deploying and supporting data systems.

Preferred Qualifications

• Experience working with cloud platforms – AWS strongly preferred , with exposure to Azure and GCP beneficial.
• Strong understanding of security operations and incident response workflows.
• Ability to drive metrics and analytics for operational improvements.
• Experience automating operational tasks using scripting and orchestration tools.
• Strong communication skills .

WHY CISCO?

At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint. Simply put – we power the future.

Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.

We are Cisco, and our power starts with you.