Research Engineer - Efficacy Engineering

November 24, 2017 - Fulton, MD

Role & Responsibilities

Researchers in this role regularly pore through our corpora of telemetry and archived messages and threats, seeking patterns that identify bad actors. They invent novel approaches to threat detection and work in small groups to build detection content and proof-of-concept models that either transition to internally supported tools or move to our software teams to be hardened and further developed based on guidance provided by EE. Specific responsibilities include:

  • Data mining of all types
  • Good pattern recognition: identifying new threats as they surface
  • Rapid prototyping of code to automate a newly discovered threat pattern
  • Collaborating between several very different teams to meet efficacy goals
  • Furthering Talos's strong connection with the security industry
  • Maintaining a high threat catch rate for our products

Minimum Qualifications

  • Strong interest in security
  • Professional experience in SW dev, scripting, or threat research
  • Proven record of delivering quality in a highly available & scalable environment
  • Proficiency in Python and/or Perl
  • High comfort on a UNIX shell (grep, sed, awk, etc.)
  • No stranger to PCRE
  • Strong verbal, written, analytical, and persuasive skills
  • Good understanding of statistics and probability
  • Flexible and adaptable, able to switch gears in high-stress situations

Desired Skills

(ideal candidates have more than half of these)

  • Regex Golf: Score 2000+ on hard mode at https://regex.alf.nu
  • Experience in hacking activities (e.g. Capture the Flag)
  • Knowledge of anti-spam technologies
  • Understanding of cryptographic techniques
  • Background in malware analysis
  • Familiarity with HTML and email formatting (RFC822: headers, MIME)
  • Understanding of SMTP, HTTP, and DNS protocols
  • Experience with Perforce and Git source control systems
  • Proficiency in querying SQL in a live production environment
  • Have deployed or administered email-related infrastructure
  • Skilled in traversing complicated network topologies (like advanced ssh/nc)
  • Advanced shell scripting skills (in addition to Perl and Python)
  • Able to decipher obfuscated HTML and JavaScript
  • Experience with established big data tools (Hadoop, Elasticsearch)
  • Experience with graph theory and/or graph databases (e.g. Titan)
  • Versed in machine learning concepts (SVM, CNN) and technologies like liblinear
  • Fluent in one or more non-English written languages