Research Engineer, Detection and Response - 1319870

September 21, 2021 - Fulton, MD

The Talos Detection Response Team creates network and endpoint signatures that are distributed world-wide to multiple products in Cisco’s security portfolio and the open-source community.

In this position you will create detection content for vulnerabilities in a variety of Cisco and non-Cisco products. Understanding these vulnerabilities may come from reading technical reports, reading code diffs, or generating network traffic from proofs of concept. Once released, these protections directly impact the security of people and organizations around the globe. With time and experience, you may go on to analyze new 0-day attacks, debug userland malware samples, and automate common tasks through scripting.

If you’re a tenacious learner, have a meticulous attention to detail, and want to begin or grow a career in information security, this may be the right role for you.

Role & Responsibilities:

  • Create detection content for Snort, ClamAV, AMP, and other Cisco products
  • Capture network traces for testing IPS and IDS security effectiveness
  • Write technical advisories about detection content
  • Analyze security threats, attacker techniques and tools
  • Interact with malware samples in a sandbox environment

Minimum Qualifications:

  • Experience with vulnerability analysis
  • Experience with common methods of exploitation, such as cross-site scripting, SQL injection, buffer overflows etc.
  • Experience with the structure of common file formats, such as PDF, MS Office, EXE
  • Experience working in both Windows and Linux
  • Experience with network traffic analysis using tools such as Wireshark
  • Solid knowledge of networking, transport, and application layer protocols, such as IP, TCP, UDP, and HTTP
  • Experience with a programming or scripting language (e.g. Python, Go, Ruby, Perl, Rust)
  • Experience with reverse engineering and debugging tools (e.g. OllyDbg, IDA Pro, radare2, x64dbg, WinDbg, Binary Ninja)
  • Good analytical and problem-solving skills
  • Good organization, decision making, and verbal and written communication skills
  • Ability to work independently with minimum supervision and take on additional tasks as required
  • Ability to work with small teams to solve complex problems
  • Solid technical writing skills

Preferred Qualifications:

  • Bachelor’s degree in Computer Science, Cyber Security, or other tech-related degree
  • Two years of experience in the information security field
  • Experience with intrusion detection event analysis
  • Experience with Snort rules language
  • Experience with capture-the-flag competitions

Why Cisco?

#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.

We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (36 years strong) and only about hardware, but we’re also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!

So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!