Senior SIEM Security Engineer
Meet the Team
The Network Platform Organization (NPO), formerly Meraki, builds and operates Cisco’s cloud-managed platform powering millions of devices globally. Within NPO, the Network Platform Security Organization (NPSO) is responsible for protecting the platform infrastructure.
The Security Engineering team within NPSO engineers and operates enterprise-grade security telemetry, SIEM, observability, and automation platforms across a diverse, large-scale, hybrid cloud environment. This role is ideal for a senior-level SIEM security engineer who wants to help improve the lifecycle, reliability, and operational maturity of Splunk technologies as critical security platforms while influencing the security design of platforms used by tens of millions of customers worldwide.
Your Impact
Play a core role within the security engineering team, responsible for analyzing, designing, and building security solutions that protect the Network Platform Organization at scale. Apply deep security engineering and production operations expertise to design, build, validate, and operationalize SIEM, observability, and security automation capabilities.
Collaborate closely with security engineers, SRE, cloud infrastructure teams, compliance, and executive leadership to mature our security telemetry and response programs. Engineer and maintain security data pipelines to deliver broad security visibility across systems, application, and network domains.
Use infrastructure-as-code, configuration management, and Git-based delivery practices to deploy and maintain SIEM, observability, and security automation capabilities. Act as a technical mentor and subject matter expert for Splunk platform operations, security telemetry, SIEM engineering, observability, and production security operations.
You thrive in a fast-paced, multifaceted environment and bring a proactive, “can-do” attitude. You are flexible, resilient, and capable of working independently with minimal supervision. You are comfortable collaborating with geographically distributed teams across time zones.
Minimum Qualifications
5+ years of professional experience in SIEM engineering, security engineering, security operations, production infrastructure, cloud security, observability engineering, or related fields. Experience in engineering, administering, or operating Splunk Cloud Platform, Splunk Enterprise Security, Splunk SOAR, or comparable SIEM and security automation platforms in production environments.
Strong expertise in:
Platforms: Splunk Cloud Platform, Splunk Enterprise Security, Splunk SOAR
Cloud & Infrastructure: AWS, Kubernetes, EKS
Automation: Ansible, Terraform, ArgoCD, Git, CI/CD
Observability: Splunk Observability Cloud, OpenTelemetry, OTel Collectors, Grafana, Prometheus
Experience with Splunk data onboarding, add-ons and Technical Add-ons (TAs), source types, field extractions, data models, correlation searches, dashboards, alerting, and operational troubleshooting.
Strong Linux systems experience, including troubleshooting, service health, logs, permissions, package or agent deployment, and operational support. Strong analytical and problem-solving skills. Experience working in Agile environments. Strong written and verbal communication skills.
Preferred Qualifications
Deep experience with Splunk Cloud Platform, Splunk Enterprise Security, Splunk SOAR, Splunk Observability Cloud, Heavy Forwarders, Deployment Server, OpenTelemetry / OTel Collectors, and Splunk Add-ons / Technical Add-ons (TAs).
Experience improving large-scale telemetry operations, including data quality, parsing, routing, normalization, cost management, search performance, and alert reliability. Experience securing containerized workloads, Linux server fleets, SaaS platforms, IoT environments, or complex cloud architectures.
Experience responsibly applying AI-assisted engineering and agentic workflows to improve security design reviews, automation, operational processes, and execution quality. Experience mentoring engineers or leading cross-functional technical initiatives.
Why Cisco?
At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds.
These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint. Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless.
We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere. We are Cisco, and our power starts with you.