The Talos Detection Response Team creates network and endpoint signatures that are distributed worldwide to multiple products in Cisco’s security portfolio and the open-source community.
In this position you will create detection content for vulnerabilities in a variety of Cisco and non-Cisco products. Understanding a vulnerability may require reading technical reports, reading code diffs, or generating network traffic from proofs of concept. Once released, these protections directly affect the security of people and organizations around the globe. With time and experience, you may go on to analyze new 0-day attacks, debug userland malware samples, and automate common tasks through scripting.
If you are a tenacious learner, have a meticulous eye for detail, and want to begin or grow a career in information security, this may be the right role for you.
Role & Responsibilities:
- Create detection content for Snort, ClamAV, AMP, and other Cisco products
- Capture network traces for testing IPS and IDS security effectiveness
- Write technical advisories about detection content
- Analyze security threats, attacker techniques and tools
- Interact with malware samples in a sandbox environment
Qualifications:
- Experience with vulnerability analysis
- Experience with common methods of exploitation, such as cross-site scripting, SQL injection, and buffer overflows
- Experience with the structure of common file formats, such as PDF, MS Office, EXE
- Experience working in both Windows and Linux
- Experience with network traffic analysis using tools such as Wireshark
- Solid knowledge of network, transport, and application-layer protocols, such as IP, TCP, UDP, and HTTP
- Experience with a programming or scripting language (e.g. Python, Go, Ruby, Perl, Rust)
- Experience with reverse engineering and debugging tools (e.g. OllyDbg, IDA Pro, radare2, x64dbg, WinDbg, Binary Ninja)
- Good analytical and problem-solving skills
- Good organization, decision making, and verbal and written communication skills
- Ability to work independently with minimum supervision and take on additional tasks as required
- Ability to work with small teams to solve complex problems
- Solid technical writing skills
- Bachelor’s degree in Computer Science, Cyber Security, or other tech-related degree
- Two years of experience in the information security field
- Experience with intrusion detection event analysis
- Experience with Snort rules language
- Experience with capture-the-flag competitions