Research Engineer, Detection and Response - 1333773

July 25, 2021 - Fulton, MD

The Talos Detection Response Team creates network and endpoint signatures that are distributed worldwide to multiple products in Cisco’s security portfolio and to the open-source community.

In this position you will create detection content for vulnerabilities in a variety of Cisco and non-Cisco products. Understanding these vulnerabilities may come from reading technical reports, reading code diffs, or generating network traffic from proofs of concept. Once released, these protections directly impact the security of people and organizations around the globe. With time and experience, you may go on to analyze new 0-day attacks, debug userland malware samples, and automate common tasks through scripting.

If you’re a tenacious learner, have a meticulous eye for detail, and want to begin or grow a career in information security, this may be the right role for you.

Role & Responsibilities:

  • Create detection content for Snort, ClamAV, AMP, and other Cisco products
  • Capture network traces for testing IPS and IDS security effectiveness
  • Write technical advisories about detection content
  • Analyze security threats, attacker techniques and tools
  • Interact with malware samples in a sandbox environment

Minimum Qualifications:

  • Experience with vulnerability analysis
  • Experience with common methods of exploitation, such as cross-site scripting, SQL injection, and buffer overflows
  • Experience with the structure of common file formats, such as PDF, MS Office, EXE
  • Experience working in both Windows and Linux
  • Experience with network traffic analysis using tools such as Wireshark
  • Solid knowledge of network, transport, and application layer protocols, such as IP, TCP, UDP, and HTTP
  • Experience with a programming or scripting language (e.g. Python, Go, Ruby, Perl, Rust)
  • Experience with reverse engineering and debugging tools (e.g. OllyDbg, IDA Pro, radare2, x64dbg, WinDbg, Binary Ninja)
  • Good analytical and problem-solving skills
  • Good organization, decision making, and verbal and written communication skills
  • Ability to work independently with minimum supervision and take on additional tasks as required
  • Ability to work with small teams to solve complex problems
  • Solid technical writing skills

Preferred Qualifications:

  • Bachelor’s degree in Computer Science, Cyber Security, or other tech-related degree
  • Two years of experience in the information security field
  • Experience with intrusion detection event analysis
  • Experience with Snort rules language
  • Experience with capture-the-flag competitions