Location: This position can be fully Remote in the United States. The Talos Detection Response Team creates network and endpoint signatures that are distributed world-wide to multiple products in Cisco's security portfolio and the open-source community. In this position you will create detection content for vulnerabilities in a variety of Cisco and non-Cisco products. Understanding these vulnerabilities may come from reviewing technical reports, reading code diffs, or developing proofs-of-concept based on varying degrees of background information. Once released, these protections directly impact the security of people and organizations around the globe. With time and experience you will develop subject matter expertise in some of the technologies we work with, act as a technical representative for DRT at meetings with other departments and conduct long-term advanced research and development that can be used to enhance Cisco's products. If you're a tenacious learner, have an excruciating interest in detail, and want to develop your technical leadership skills in information security this may be the right role for you. Role and Responsibilities: Research security threats, attacker techniques and tools, 0-day vulnerabilities Create advanced signatures and detection content for Snort, ClamAV, AMP, and other Cisco products Write in-depth technical advisories about threats and signatures Analyze malware samples and vulnerable binaries using static/dynamic analysis, debuggers Create testbed environments to research and run exploits Conduct short and medium-term in-depth research on novel threats Develop tooling that forwards the mission of the team Provide mentorship and training to new team members Minimum Qualifications: In-depth experience analyzing, identifying, and exploiting a wide variety of vulnerability types, such as buffer overflows, integer overflows, cross-site and server-side request forgery attacks, insecure deserializations, and authentication bypasses Extensive knowledge in network traffic analysis using tools such as Wireshark Advanced knowledge of network, transport, and application layer protocols, such as IP, TCP, LDAP, TLS, RDP, SMB Proficiency with a compiled language (e.g. C, C , Rust, Go) and a scripting language (e.g. Python, Ruby, Perl) Expertise with reverse engineering, malware analysis, and relevant tools (e.g. IDA Pro, Binary Ninja, Ghidra, radare2, x64dbg, WinDbg, OllyDbg) Expertise analyzing assembly code and identifying code patterns in disassembled binaries Expert knowledge of memory layout and different segments of a running process, such as the stack and the heap In-depth knowledge of Windows and Linux internals Proficiency building and configuring applications and servers in virtual environments for the purposes of reproducing vulnerabilities and testing exploit proof of concepts Familiarity with asymmetric ciphers (ECC, Diffie-Hellman, etc), symmetric ciphers (AES, DES, etc), and hashing algorithms (MD5, SHA256, etc) Solid technical writing skills Ability to work independently with minimum supervision and in a small team, taking on additional tasks as required Experience with mentorship and the creation and delivery of technical training 7 years of work experience in the security industry Bachelor's degree in Computer Science, Cyber Security, or other tech-related degree Or Masters and 4 years related experience. Preferred Qualifications: Experience with Snort rules language Background in intrusion detection or forensic analysis Involvement in the info sec community such as volunteering or speaking at conferences Experience conducting, documenting, and presenting independent research Master's degree in Computer Science, Cyber Security, or other tech-related degree and 4 years of security industry experience Why Cisco Secure \, where each person is unique. We bring our talents to work as a team each day, helping power an inclusive future for all. Get to know us! 1 Our People Are The Heart of Cisco We're global, we're adaptable, we're diverse, and our security portfolio is as extensive as it is groundbreaking. Have you heard of Threat, Detection & Response, Zero Trust by Duo, Common Services Engineering, or Cloud & Network Security? Those are only a few of our product teams! The only thing we're missing is YOU. Join an enterprise security leader with a start-up culture, committed to driving innovation and giving you the opportunity to make an impact. We and we know we're better together, that's why we're dedicated to inclusivity, collaboration, and diversity in everything we do. We're proud to be the Best Security Company in 2021 with the Best Authentication Technology and the Best Small and Mid-Size Enterprises Security Solution in 2022 by SC Media. Cisco Secure continues to grow and evolve year after year with 100% of Fortune 100 Companies using our products, and we're excited to see the new heights we'll reach with your passion for security, your customer focus, and your desire to change things up! What else can you expect? An ongoing investment in your growth-that's why we offer many employee resource groups (called Inclusive Communities), mentorship programs, and hundreds of learning resources to consistently level up your skillset and explore your interests. Because when you succeed, we succeed! "Cisco Secure offers an environment that combines cutting-edge, mission-critical, technology with some of the brightest, most diverse set of people I've ever had the pleasure of working with." - Chief of Staff, Engineering Join Cisco Secure - Be You, With Us! References Visible links 1. \_default/index.html?videoId= Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.