Security Research Engineer - 1387641

February 06, 2023 - Remote

Location: This position can be fully Remote in the United States.

The Talos Detection Response Team creates network and endpoint signatures that are distributed world-wide to multiple products in Cisco’s security portfolio and the open-source community.

In this position you will create detection content for vulnerabilities in a variety of Cisco and non-Cisco products. Understanding these vulnerabilities may come from reviewing technical reports, reading code diffs, or developing proofs-of-concept based on varying degrees of background information. Once released, these protections directly impact the security of people and organizations around the globe. With time and experience you will develop subject matter expertise in some of the technologies we work with, act as a technical representative for DRT at meetings with other departments and conduct long-term advanced research and development that can be used to enhance Cisco’s products.

If you’re a tenacious learner, have an excruciating interest in detail, and want to develop your technical leadership skills in information security this may be the right role for you.

Role and Responsibilities:

  • Research security threats, attacker techniques and tools, 0-day vulnerabilities
  • Create advanced signatures and detection content for Snort, ClamAV, AMP, and other Cisco products
  • Write in-depth technical advisories about threats and signatures
  • Analyze malware samples and vulnerable binaries using static/dynamic analysis, debuggers
  • Create testbed environments to research and run exploits
  • Conduct short and medium-term in-depth research on novel threats
  • Develop tooling that forwards the mission of the team
  • Provide mentorship and training to new team members

Minimum Qualifications:

  • In-depth experience analyzing, identifying, and exploiting a wide variety of vulnerability types, such as buffer overflows, integer overflows, cross-site and server-side request forgery attacks, insecure deserializations, and authentication bypasses
  • Extensive knowledge in network traffic analysis using tools such as Wireshark
  • Advanced knowledge of network, transport, and application layer protocols, such as IP, TCP, LDAP, TLS, RDP, SMB
  • Proficiency with a compiled language (e.g. C, C++, Rust, Go) and a scripting language (e.g. Python, Ruby, Perl)
  • Expertise with reverse engineering, malware analysis, and relevant tools (e.g. IDA Pro, Binary Ninja, Ghidra, radare2, x64dbg, WinDbg, OllyDbg)
  • Expertise analyzing assembly code and identifying code patterns in disassembled binaries
  • Expert knowledge of memory layout and different segments of a running process, such as the stack and the heap
  • In-depth knowledge of Windows and Linux internals
  • Proficiency building and configuring applications and servers in virtual environments for the purposes of reproducing vulnerabilities and testing exploit proof of concepts
  • Familiarity with asymmetric ciphers (ECC, Diffie-Hellman, etc), symmetric ciphers (AES, DES, etc), and hashing algorithms (MD5, SHA256, etc)
  • Solid technical writing skills
  • Ability to work independently with minimum supervision and in a small team, taking on additional tasks as required
  • Experience with mentorship and the creation and delivery of technical training
  • 7 years of work experience in the security industry
  • Bachelor’s degree in Computer Science, Cyber Security, or other tech-related degree Or Masters and 4 years related experience.

Preferred Qualifications:

  • Experience with Snort rules language
  • Background in intrusion detection or forensic analysis
  • Involvement in the info sec community such as volunteering or speaking at conferences
  • Experience conducting, documenting, and presenting independent research
  • Master’s degree in Computer Science, Cyber Security, or other tech-related degree and 4 years of security industry experience

Why Cisco

At Cisco, each person brings their unique talents to work as a team and make a difference. Yes, our technology changes the way the world works, lives, plays, and learns, but our edge comes from our people. Our People Are The Heart of Cisco.

Cisco is proud to be an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

We see inclusion and diversity as essential to fueling the power of connection. Learn about inclusion and collaboration in action at Cisco. Diversity, Inclusion and Collaboration at Cisco.

Benefits and Perks

We strive to keep our teams happy and healthy. Many roles have the option to be Remote or Hybrid. Cisco provides competitive pay, excellent medical, dental and vision coverage, 401(k) match, 20 days of paid time off plus holidays, support for parents and paid time to volunteer. View the benefits overview. Benefits and Perks - Cisco.

Join us! #WeAreCisco

Cisco COVID-19 Vaccination Requirements

The health and safety of Cisco’s employees, customers, and partners is a top priority. Our goal is to protect and mitigate the spread of COVID-19 infection for strong business resiliency during the pandemic. Therefore, Cisco may require new hires to be fully vaccinated against COVID-19 if the role requires business-related travel, meeting with customers/partners (including visiting third-party sites on behalf of Cisco), attending trade events, and Cisco office entry, unless otherwise prohibited by applicable law, and in countries where COVID-19 vaccination is legally required. The company will consider legally required accommodations/exceptions for medical, religious, and other reasons as per the requirements of the role and in accordance with applicable law. Additional information will be provided to candidates about the requirements and accommodation process at the offer time based on region.

Clicking APPLY will direct you away from