Location: This position can be fully Remote in the United States.
Who You’ll Work With
The Threat Research team is a multinational group of security researchers. We invent novel approaches to detecting phishing and malware attacks and other threats, both in small groups and by working independently to build detection content and proof-of-concept models. These models can transition to internally supported tools or to Talos development teams to be hardened and further developed for ingestion by Cisco products as part of Talos intelligence.
This particular role will focus on creating detections for malicious and phishing destinations from DNS and URL telemetry and data.
Who You Are, What You’ll Do
Good pattern recognition: identifying and anticipating new threats
Dependable judgment and attention to detail
Rapid prototyping of code to automate newly discovered threat patterns seen in malware, attacker techniques, network or endpoint telemetry
Maintaining and bolstering our products’ high catch rate for threats
Collaboration with similarly innovative interdisciplinary teams to meet efficacy goals
Stay up to date on malware trends, perform malware analysis and hunt for patterns in telemetry, as necessary, to understand detection issues and possible solutions at initial access vectors, on endpoints, and from within network telemetry
Desired Experience and Qualifications
Experience analyzing malicious documents and obfuscated scripts, and with dynamic malware analysis
Experience in any of: IT, machine learning, security, malware research, software development
Networking basics
Understanding of malware attack chains at the endpoint and network levels
Understanding of malware families, MITRE ATT&CK and commonly exploited CVEs
Experience building novel solutions to increase the efficacy of malware or phishing detection
Proficiency in Python development, scripting and automation
Shell scripting (bash, awk, sed, etc.)
Regular experience using a UNIX command line
Comfortable with regular expressions
Exploring obfuscated HTML/CSS/JS
Flexible and adaptable, able to pursue multiple separate tasks
Experience with writing signatures such as YARA, SNORT
Threat hunting and incident response familiarity that can be applied to creating detections and automation
Experience with AWS
Experience with Docker containers
Experience with technologies used in Data Science research: PySpark, Pandas, Databricks
Bonus Skills - Familiarity or interest in any combination of these is helpful
Statistics, probability, and machine learning
Fluent in reading non-English language(s)
Reverse engineering malware or domain generation algorithms
Why Cisco Secure
#WeAreCisco, where each person is unique. We bring our talents to work as a team each day, helping power an inclusive future for all. Get to know us!
We're global, we're adaptable, we're diverse, and our security portfolio is as extensive as it is groundbreaking. Have you heard of Threat, Detection & Response, Zero Trust by Duo, Common Services Engineering, or Cloud & Network Security? Those are only a few of our product teams! The only thing we're missing is YOU.
Join an enterprise security leader with a start-up culture, committed to driving innovation and giving you the opportunity to make an impact. We #InnovateToWin and we know we're better together, that's why we're dedicated to inclusivity, collaboration, and diversity in everything we do.
We're proud to be the Best Security Company in 2021 with the Best Authentication Technology and the Best Small and Mid-Size Enterprises Security Solution in 2022 by SC Media. Cisco Secure continues to grow and evolve year after year with 100% of Fortune 100 Companies using our products, and we're excited to see the new heights we'll reach with your passion for security, your customer focus, and your desire to change things up!
What else can you expect? An ongoing investment in your growth. That's why we offer many employee resource groups (called Inclusive Communities), mentorship programs, and hundreds of learning resources to consistently level up your skillset and explore your interests. Because when you succeed, we succeed!
"Cisco Secure offers an environment that combines cutting-edge, mission-critical, technology with some of the brightest, most diverse set of people I've ever had the pleasure of working with." - Chief of Staff, Engineering
Join Cisco Secure - Be You, With Us!