Creating leading threat intelligence is the focus of the Cisco Talos Security Intelligence and Research Group (Talos). Talos is made up of leading threat researchers supported by sophisticated systems. Talos researchers create threat intelligence for Cisco products to protect customers from both known and emerging threats. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation, and intelligence gathering. Talos provides the content and logic for Cisco FirePOWER, Cisco IronPort Anti-Spam, the SenderBase e-mail reputation system (SBRS), the Web reputation system (WBRS), ClamAV and SpamCop.
Role & Responsibilities
The Research Escalation Engineer works as part of the Talos Escalations group within Talos and is responsible for handling escalations for our intrusion prevention, anti-virus, email and web security suites. Some of our many solutions include Cisco FirePOWER, FireAMP, Cisco IronPort Anti-Spam, Outbreak Filters, and the SenderBase (SBRS) / Web reputation system (WBRS). Talos Research Escalations Engineers:
- Triage internal and external escalations related to security efficacy, coverage, scoring, listing, and reputation determinations made by our security systems
- Provide third tier response to intrusion prevention, anti-virus, email and web security issues escalated from customer support and other customer-facing teams
- Answer emails in ticketing queues and respond to alerts generated by monitoring systems
- Contribute to the establishment of procedures and best practices for internal and external use
- Work closely with tier four content and engineering teams
Requirements
- Solid base knowledge of networking, transport, and application layer protocols, such as IP, TCP, UDP, and HTTP
- Excellent communication and teamwork skills, with solid judgment about handling proprietary information
- Extremely strong analytical and problem-solving skills
- Must be customer-focused, with a strong sense of quality and thoroughness
- Strong written and verbal communication skills
- Strong technical aptitude with ability and passion to learn
- Knowledge of intrusion and anti-virus detection techniques
- Knowledge of spam, virus and phishing techniques
- UNIX experience and familiarity with tools such as dig, traceroute, whois, etc.
- Strong email knowledge (administration, blocklists, RFCs, reading email headers and understanding SMTP)
- Solid base knowledge of application layer protocols such as SMTP, POP, IMAP, SIP, and SSL
- Perl, shell scripting, regular expression and SQL experience