Talos ARES (Advanced Research / Embedded Systems) is a team within Talos that is tasked with improving security of embedded systems through research, vulnerability discovery, and proof of concept development of existing devices and systems. The team consists of vulnerability researchers focused on assessing the security of all types of embedded systems, including Industrial Control Systems (ICS) and Internet of Things (IoT) as well as what’s traditionally thought of as an embedded system. The team leverages a variety of skills to examine both the hardware and the associated software of these systems and attempt to find vulnerabilities in these systems. Newly discovered vulnerabilities are disclosed to the respective vendor. In addition, the team creates detection content, such as IDS rules and antivirus signatures, for Cisco security offerings such as Snort, ClamAV and Advanced Malware Protection (AMP).
POSITION ROLES AND RESPONSIBILITIES
Reverse engineer embedded devices to discover new vulnerabilities.
Write detailed technical advisories on new vulnerabilities.
Develop proof of concept exploits for testing IPS and IDS effectiveness.
Create tools for the discovery and triage of vulnerabilities.
Analyze zero-day vulnerabilities and emerging security threats and technologies in embedded systems (including Industrial Control Systems).
Use a variety of tools to perform static and dynamic analysis of real-world malware samples that affected embedded systems.
Create detection content for Snort, ClamAV, AMP, Security Intelligence and other Cisco security offerings.
Demonstrate embedded security leadership both internally and externally.
SPECIALIZED KNOWLEDGE AND SKILLS
Experience reverse engineering a variety of hardware and software, including firmware, operating systems, and applications.
Experience extracting firmware from devices for analysis.
Experience with a variety of devices for hardware research, such as JTAG, logic analyzers, oscilloscopes and other devices.
Experience with vulnerability discovery and analysis.
Experience with common vulnerabilities and methods of exploitation, such as memory corruption, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.
Proficient in C/C++, Python and ARM/PPC assembler.
Knowledge of Linux System API and ABI.
Experience with analysis tools such as IDA, Radare, Burp Suite, and others.
Experience with network traffic dissectors such as Wireshark.
Experience with ICS/SCADA protocols such as DNP3, Modbus, BACNet, ICCP, IEC 60870, CIP, ENIP.
Solid documentation and technical writing skills.
Exceptional analytical skills and problem-solving skills.
Ability to work independently with minimum supervision and take on additional tasks as required.
Desire to expand skills and abilities while functioning out of comfort zone.
EDUCATION AND WORK EXPERIENCE