1438666 - Leader, Cyber Threat Intelligence Operations

Meet the Team

We are globally distributed organization, encouraging a culture of excellence, collaboration, and innovation. We are seeking an experienced and motivated Manager to lead our Cyber Intelligence Operations team. This critical role is responsible for overseeing the delivery of essential cybersecurity functions including Threat Intelligence, Detection Engineering, Threat Hunting, and Emergent Vulnerability Assessment & Response. The ideal candidate will demonstrate strong leadership, technical expertise, and strategic thinking, enabling our organization to effectively mitigate cybersecurity threats and vulnerabilities.

Your Impact

Leadership & Management:

• Lead and mentor a team of cybersecurity professionals, providing strategic direction, performance management, and professional development.
• Foster an environment of collaboration, innovation, and continuous improvement.

Threat Intelligence Operations:

• Direct the collection, processing, analysis, and dissemination of actionable cyber threat intelligence.
• Oversee threat intelligence reporting processes and ensure timely delivery of intelligence products to internal stakeholders.

Detection Engineering:

• Support the development of detections using the latest threat intelligence indicators and behaviours.
• Champion risk-based alerting internally and externally
• Collaborate with other business entities to improve detections and products

Threat Hunting:

• Drive the proactive detection of threats through systematic threat hunting initiatives.
• Support the investigations organisation in performing threat hunts
• Develop and refine threat hunting methodologies, ensuring alignment with organizational risk profiles and emerging threat landscapes.

Emergent Vulnerability Assessment & Response:

• Manage rapid identification, evaluation, and remediation coordination of emerging vulnerabilities.
• Work closely with technical teams to prioritize and remediate vulnerabilities based on business risk.

Stakeholder Communication:

• Provide clear and concise communications regarding threats, vulnerabilities, and security incidents to executive leadership and other relevant stakeholders.
• Collaborate across departments to ensure alignment of security strategies with business objectives.

Continuous Improvement:

• Regularly evaluate team processes and capabilities, making improvements to enhance effectiveness and efficiency.
• Stay abreast of cybersecurity trends, threats, and best practices, integrating learnings into operational improvements.

Minimum Qualification

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field (master's preferred).
• 5+ years in a leadership role; overseeing globally distributed teams.
• 7+ years of hand on operations experience in intel operations.
• 5+ years working as a cybersecurity professional in an enterprise environment.
• 5+ years of working in close partnership with Incident Response teams supporting cyber security incidents.
• 3+ years of attack surface risk management, vulnerability management, or a related cybersecurity field.

Preferred Qualifications:

• Industry certifications such as CISSP, GCTI, GCIA, GREM, GCTD, or CEH.
• Extensive experience with cyber threat intelligence tools and platforms, such as:
• Threat Intelligence Platforms (TIPs) - e.g., ThreatQ, Anomali, MISP, Recorded Future.
• Threat feed integrations and enrichment tools - e.g., Intel 471, Flashpoint, VirusTotal, RiskIQ, Shodan.
• STIX/TAXII standards and automated intelligence sharing workflows.
• Strong familiarity with vulnerability management and prioritization tools, including:
• Vulnerability scanners - e.g., Tenable Nessus, Rapid7 InsightVM, Qualys, Nexpose.
• Attack surface management (ASM) - e.g., Randori, CyCognito, BitSight, SecurityScorecard.
• Vulnerability intelligence and risk-based prioritization - e.g., Kenna Security, VulnDB, Nucleus Security.
• Practical knowledge of security operations tooling such as:
• SIEM (e.g., Splunk, ELK), EDR (e.g., Cisco AMP, Defender\, and SOAR platforms (e.g., Splunk Phantom).
• Experience building or evolving cyber threat intelligence programs, including workflows, playbooks, and alignment with frameworks such as MITRE ATT&CK, Kill Chain
• Strong cross-functional communication skills, with the ability to translate technical risk into business impact for executives and stakeholders.
• Familiarity with governance, risk, and compliance (GRC) processes and industry standards (e.g., NIST CSF, ISO 27001, CIS Controls).
• Experience in regulated environments (e.g., finance, healthcare, energy) and managing related audit/compliance requirements.

#WeAreCisco

#WeAreCisco where every individual brings their unique skills and perspectives together to pursue our purpose of powering an inclusive future for all.

Our passion is connection-we celebrate our employees' diverse set of backgrounds and focus on unlocking potential. Cisconians often experience one company, many careers where learning and development are encouraged and supported at every stage. Our technology, tools, and culture pioneered hybrid work trends, allowing all to not only give their best, but be their best.

We understand our outstanding opportunity to bring communities together and at the heart of that is our people. One-third of Cisconians collaborate in our 30 employee resource organizations, called Inclusive Communities, to connect, foster belonging, learn to be informed allies, and make a difference. Dedicated paid time off to volunteer-80 hours each year-allows us to give back to causes we are passionate about, and nearly 86% do!

Our purpose, driven by our people, is what makes us the worldwide leader in technology that powers the internet. Helping our customers reimagine their applications, secure their enterprise, transform their infrastructure, and meet their sustainability goals is what we do best. We ensure that every step we take is a step towards a more inclusive future for all. Take your next step and be you, with us!