Cisco Research Engineer – Detection and Response, Talos in Fulton, Maryland
Research Engineer - Detection and Response
Talos wants YOU! Talos is a dynamic environment that inspires employees to create opportunities by honing their talents and skills every day. Employees are self-motivated, results-driven and engaged. We recognize and reward quality results and commitment to our company's purposes and principles.
As a member of the Detection Response Team, you will research vulnerabilities in software and network protocols and how they are exploited, be responsible for the creation of detection content for the technologies Talos supports, and act as a trusted security partner within the Talos organization and Cisco. This position will primarily coordinate and track the creation of detection content to meet Talos' testing goals from the initial triaging of vulnerabilities to the successful completion of tests. In this role you will work with other Cisco teams both within and outside of Talos to ensure that issues discovered during testing are properly communicated and tracked.
In your other role as a researcher, you will learn to take a Proof-of-Concept (PoC), verify it exploits the vulnerable condition, create a PCAP of the network traffic created during exploitation, and write detection content to detect that exploitation, while not generating False Positives. You will join a team of subject matter experts in a wide range of fields & technologies, as well as newbies fresh out of college or the local CTF competition!
Essential Duties and Responsibilities:
- Coordinate DRT contributions to Talos’ testing efforts
- Liaise with teams Cisco-wide in relation to testing
- Track issues that arise during testing from reporting to resolution
- Analyze 0days and new security threats and tools
- Analyze malware samples using static/dynamic analysis, debuggers
- Create advanced detection content for Snort, ClamAV, AMP, and Security Intelligence
- Write detailed technical advisories on new vulnerabilities
- Capture network traces from exploits for testing IPS and IDS security effectiveness
- Develop small tools as necessary (this is not a software development position)
Job Requirements:
- Computer Science, Cyber Security, or other tech-related degree preferred, but not required (experience may substitute)
- Solid base knowledge of networking, transport, and application layer protocols, such as IP, TCP, UDP, and HTTP
- Experience with vulnerability analysis
- Experience with common methods of exploitation, such as Buffer Overflows, Cross-site Scripting, etc.
- Experience with the structure of common file formats, such as PDF, DOC, and SWF
- Experience with some of the following: OllyDbg, IDA Pro, radare2, x64dbg, WinDbg, Binary Ninja
- Experience working in both Windows and Linux
- Experience with network traffic dissectors such as Wireshark
- Experience with Perl, Python, Ruby, Rust, or Go
- Experience with Cisco security products
- Experience with security product efficacy testing
- Experience with project management
- Solid technical writing skills
- Excellent analytical and problem-solving skills
- Excellent organization, decision making, and verbal and written communication skills
- Ability to work independently with minimum supervision and take on additional tasks as required
- Ability to work with small teams to solve complex problems
Work Conditions:
- Works closely with software reverse engineers and research analysts to quickly develop detection content for all our core applications
- Moderate to high levels of stress may occur at times
- Fast paced and rapidly changing environment
- Extremely talented and experienced team members and mentors
- No special physical requirements
- Constant internal training, heated discussions, ice cream and libations
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.