About the role
Job posting may be removed earlier if the position is filled or if a sufficient number of applications are received.
This is a hybrid role at the RTP, NC office.
Meet the Team
We are the CCPS IDR (Intrusion Detection & Response) team, a security engineering group within Cisco's Webex & Collaboration Cloud Platform Security organization. Our mission is to ensure every meaningful security event across the Webex platform is captured, normalized, and delivered to the right hands before it becomes a problem.
Our work sits at the intersection of platform engineering and security operations. We own the log ingestion, parsing, and data fidelity pipelines and the operational detection effectiveness that power Webex's enterprise SIEM, directly supporting FedRAMP compliance, SOC effectiveness, and executive risk reporting. We are a lean team of engineers and a delivery manager.
If you care about security engineering that has real, measurable impact at scale and building the foundational observability layer for one of Cisco's largest cloud platforms, this is the team to be on.
Your Impact
We are seeking a Security Incident Detection Engineer with deep Splunk and Splunk Enterprise Security experience to support detection engineering, incident visibility, and security monitoring across the Webex cloud service environment. This role will focus on developing, maintaining, and improving Splunk knowledge objects, detection content, validation dashboards, and operational standards that enable reliable security incident detection and response.
The engineer will work closely with security operations, cloud security, platform engineering, and service teams to ensure security telemetry is properly ingested, normalized, validated, and actionable.
- Build and maintain Splunk Enterprise Security correlation searches, notable events, risk-based alerts, and detection content that directly power security incident visibility across the Webex cloud environment.
- Develop detection build-out and maintain validation dashboards aligned to telemetry ingestion contracts, ensuring required security events are present, accurate, timely, and CIM-compliant.
- Validate data onboarding quality across cloud services covering source types, indexes, field normalization, timestamp accuracy, and parsing consistency.
- Partner with SOC and incident response teams to improve alert fidelity, reduce false positives, and ensure detections provide clear investigative context.
- Collaborate with platform and service engineering teams to define and improve security logging requirements, and support detection coverage mapping against MITRE ATT&CK and relevant compliance frameworks.
Minimum Qualifications
- Hands-on experience operating Splunk Enterprise and Splunk Enterprise Security at scale, including deep knowledge of full ES feature enablement for SOC/SIEM use cases.
- Advanced SPL development skills, including efficient search design, macros, lookups, stats/tstats, data models, accelerated searches, and dashboard queries.
- Experience developing and maintaining Splunk knowledge objects in a managed app or source-controlled environment.
- Understanding of Splunk CIM, data normalization, field extractions, props/transforms, event types, tags, and source type design.
- Experience building, tuning, and maintaining ES correlation searches and notable event workflows.
- Familiarity with cloud security logging, incident detection, threat detection logic, and SOC operations.
- Experience in documentation, architecture review, and cross-functional collaboration.
Preferred Qualifications
- Experience with risk-based alerting in Splunk Enterprise Security.
- Familiarity with Git-based development workflows for Splunk apps and detection content.
- Experience supporting security monitoring in large-scale SaaS, cloud, or production service environments.
- Knowledge of MITRE ATT&CK, NIST SP 800-53, ISO/IEC 27001, COBIT, or similar control frameworks.
- Experience with detection-as-code practices, automated validation, or CI/CD pipelines for Splunk content.
- Splunk certifications are a plus.
Why Cisco?
At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.
Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.
We are Cisco, and our power starts with you.
Message to applicants applying to work in the U.S. and/or Canada:
The starting salary range posted for this position is $137,000.00 to $200,500.00 and reflects the projected salary range for new hires in this position in U.S. and/or Canada locations, not including incentive compensation*, equity, or benefits. Individual pay is determined by the candidate's hiring location, market conditions, job-related skillset, experience, qualifications, education, certifications, and/or training. The full salary range for certain locations is listed below. For locations not listed below, the recruiter can share more details about compensation for the role in your location during the hiring process.
U.S. employees are offered benefits, subject to Cisco’s plan eligibility rules, which include medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, paid parental leave, short and long-term disability coverage, and basic life insurance. Please see the Cisco careers site to discover more benefits and perks. Employees may be eligible to receive grants of Cisco restricted stock units, which vest following continued employment with Cisco for defined periods of time.
U.S. employees are eligible for paid time away as described below, subject to Cisco’s policies:
- 10 paid holidays per full calendar year, plus 1 floating holiday for non-exempt employees
- 1 paid day off for employee’s birthday, paid year-end holiday shutdown, and 4 paid days off for personal wellness determined by Cisco
- Non-exempt employees** receive 16 days of paid vacation time per full calendar year, accrued at a rate of 4.92 hours per pay period for full-time employees
- Exempt employees participate in Cisco’s flexible vacation time off program, which has no defined limit on how much vacation time eligible employees may use (subject to availability and some business limitations)
- 80 hours of sick time off provided on hire date and each January 1st thereafter, and up to 80 hours of unused sick time carried forward from one calendar year to the next
- Additional paid time away may be requested to deal with critical or emergency issues for family members
- Optional 10 paid days per full calendar year to volunteer
For non-sales roles, employees are also eligible to earn annual bonuses subject to Cisco’s policies.
Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components, subject to the applicable Cisco plan. For quota-based incentive pay, Cisco typically pays as follows:
- .75% of incentive target for each 1% of revenue attainment up to 50% of quota;
- 1.5% of incentive target for each 1% of attainment between 50% and 75%;
- 1% of incentive target for each 1% of attainment between 75% and 100%; and
- Once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.
For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay 0% up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.
The applicable full salary ranges for this position, by specific state, are listed below:
New York City Metro Area:
$165,000.00 - $277,600.00
Non-Metro New York state & Washington state:
$146,700.00 - $247,000.00
* For quota-based sales roles on Cisco’s sales plan, the ranges provided in this posting include base pay and sales target incentive compensation combined.
** Employees in Illinois, whether exempt or non-exempt, will participate in a unique time off program to meet local requirements.
Aplyr's read
Cisco is a powerhouse in IT and networking, attracting talent in cloud, security, and hardware engineering to drive secure global connectivity.
What's promising
- Cisco's leadership in networking technology offers job stability and growth.
- Strong focus on security and cloud solutions aligns with industry trends.
- Diverse roles in cutting-edge areas like AI and photonics.
What to watch
- Cisco faces intense competition from emerging tech companies.
- Large organizational structure may slow innovation and decision-making.
- Potential challenges in adapting to rapid technological changes.
Why Cisco
- Cisco's extensive product portfolio covers hardware, software, and services.
- Global presence provides opportunities for international career growth.
- Commitment to secure communication is a core company strength.
Aplyr’s read is generated by AI from public sources.
About Cisco
Cisco is a global leader in IT and networking, providing hardware, software, and services to enable secure communication and connectivity.