Job Description: We are seeking a highly skilled and experienced Cisco Secure Network Analytics (formerly Stealthwatch) SME to lead the implementation, optimization, and ongoing management of network visibility and threat detection initiatives. The ideal candidate will have hands-on expertise in deploying and managing Cisco Secure Network Analytics in complex enterprise environments and provide thought leadership in network security analytics.
Key Responsibilities:
Serve as the technical SME for Cisco Secure Network Analytics (Stealthwatch), providing design, deployment, tuning, and operational support.
Monitor and analyze network traffic using Stealthwatch to detect insider threats, data exfiltration, lateral movement, and anomalous behavior.
Integrate Secure Network Analytics with other SIEM, SOAR, and threat intelligence platforms.
Collaborate with SOC, network, and infrastructure teams to fine-tune detection rules and reduce false positives.
Create dashboards, custom reports, and alerts based on business and security requirements.
Conduct regular health checks, upgrades, and patch management for the Secure Network Analytics ecosystem.
Lead incident investigations involving network-based anomalies and assist in root cause analysis.
Provide training and mentorship to junior analysts and operational teams.
Stay current on Cisco's product enhancements and emerging threat trends to ensure proactive posture.
Required Qualifications:
Minimum 5 years of hands-on experience with Cisco Secure Network Analytics / Stealthwatch.
In-depth knowledge of NetFlow/sFlow/IPFIX, network protocols, and telemetry.
Strong understanding of TCP/IP, routing, switching, firewalls, and segmentation architectures.
Experience integrating Stealthwatch with Cisco Identity Services Engine (ISE), FMC, and third-party tools.
Proficient in developing policies, alarms, and behavioral baselines for network entities.
Familiarity with regulatory compliance standards (e.g., Essential Eight, NIST).
Preferred Qualifications:
Cisco certifications such as CCNP Security, CCIE Security, or Cisco CyberOps Professional.
Experience in multi-tenant or hybrid cloud environments.
Scripting knowledge (Python, API integrations) for automation and reporting.
Soft Skills:
Strong communication and stakeholder management abilities.
Analytical thinker with a problem-solving mindset.
Able to work independently and lead small project teams.
When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the Tech Aalto Privacy Policy, a copy of which is published on Tech Aalto's website (https://www.techaalto.com/privacy/). Confidentiality is assured, and only shortlisted candidates will be notified for interviews.