
Threat Hunting Analyst

Cisco · Mexico City, Ciudad de Mexico, Mexico
// classified as
Other (Adjacent or hard to classify.)
posted
1d ago
location
Mexico City, Ciudad de Mexico, Mexico
languages
python, sql
tools
azure
> stack
python, sql, azure
> description

Meet the Team

The Computer Security Incident Response Team (CSIRT) serves as the frontline defense for our global infrastructure, protecting the integrity of our systems and data. We operate as a collaborative, fast-paced unit of analysts and investigators dedicated to identifying and neutralizing complex cyber threats. By integrating proactive threat hunting with rapid incident response, we ensure the safety of our global enterprise. Our team values diverse perspectives, continuous learning, and a culture of accountability.

Your Impact

As a Threat Hunting Analyst, you will investigate security alerts and analyze telemetry across endpoint, network, and cloud platforms to identify and mitigate malicious activity. You will coordinate with cross-functional teams to ensure rapid incident resolution and minimize business impact. You will develop and refine standard operating procedures and playbooks to improve the efficiency of our detection and response capabilities. By participating in intelligence-driven threat hunting, you will proactively identify emerging attacker tactics to strengthen our overall security posture. This role is essential for maintaining our operational resilience and protecting our global environment from evolving threats. You will also perform the following:

  • Investigate security alerts, suspicious activity, phishing reports, and potential security incidents across multiple technologies and platforms.

  • Analyze endpoint, network, cloud, identity, and email telemetry to identify malicious or unauthorized activity.

  • Document investigations, analysis, decisions, and actions clearly and thoroughly.

  • Coordinate incidents with internal teams, including engineering, infrastructure, identity, legal, HR, and business partners when appropriate.

  • Support operational improvement initiatives, including detection tuning, workflow improvements, automation opportunities, and process documentation.

  • Assist with development and refinement of standard operating procedures, playbooks, and analyst guidance.

  • Collaborate with teammates globally to improve investigative consistency, response efficiency, and customer experience.

  • Participate in proactive threat hunting, intelligence-driven investigations, and identification of emerging attacker tactics and techniques.

  • Contribute to continuous improvement efforts by identifying gaps, recommending solutions, and helping operationalize new capabilities.

  • Communicate effectively with technical and non-technical audiences during investigations and incident response activities.

Minimum Qualifications

  • Bachelor’s degree or equivalent experience in Computer Science, Cybersecurity, or a related technical field.

  • 3+ years of professional experience in cybersecurity operations, incident response, or threat detection.

  • Demonstrated experience investigating security alerts using telemetry from endpoints, networks, or cloud platforms.

  • Experience leading security incidents within an enterprise-level case management or ticketing system.

  • Technical proficiency with SIEM, EDR, or network security monitoring tools in a production environment.

Preferred Qualifications

  • Experience with security monitoring and analysis platforms such as Splunk or Microsoft Defender.

  • Demonstrated understanding of adversary tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK.

  • Proficiency in scripting or automation using Python, PowerShell, or SQL to improve operational workflows.

  • Knowledge of malware analysis, identity-based attack vectors, insider threats, and endpoint investigation techniques.

  • Experience with cloud environments including Amazon Web Services, Microsoft Azure, and Google Cloud.

Why Cisco? 

At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.

Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere. 

We are Cisco, and our power starts with you.