TALOS wants YOU! As a member to the Detection Research Team, you will research vulnerabilities in software and network protocols, how they are exploited, be responsible for creation of detection content for the technologies TALOS supports, and act as a trusted security partner within the TALOS organization and Cisco. You will learn to take a Proof-of-Concept (PoC), verify it exploits the vulnerable condition, create a PCAP of the network traffic created during exploitation, and write detection content to detect that exploitation, while not generating False Positives. You will join a team of subject matter experts in a wide range of fields & technologies, as well as newbies fresh out of college or the local CTF competition!
Role & Responsibilities
- Analyze 0 days and new security threats to SCADA and the ICS space
- Analyze IoT devices, including firmware as it pertains to ICS equipment.
- Analyze malware samples using static/dynamic analysis, debuggers
- Provide subject matter expertise on ICS security, both on exploits and defense.
- Research emerging ICS technologies and SCADA protocols.
- Create advanced detection content for Snort, ClamAV, AMP, and Security Intelligence
- Write detailed technical advisories on new vulnerabilities
- Capture network traces from exploits for testing IPS and IDS security effectiveness
- Three years' work experience in the security OR ICS industry
- Solid base knowledge of networking, transport, and application layer protocols, such as IP, TCP, UDP, and HTTP
- Experience with vulnerability analysis
- Experience with common methods of exploitation, such as Buffer Overflows, Cross-site Scripting, etc
- Experience with the structure of common file formats, such as PDF, DOC, and SWF
- Experience with OllyDbg or IDA Pro
- Experience working in both Windows and Linux
- Experience with network traffic dissectors such as Wireshark
- Experience with either Perl, Python, or Ruby
- Solid technical writing skills
- Excellent Analytical and problem solving skills
- Excellent organization, decision making, and verbal and written communication skills
- Ability to work independently with minimum supervision and take on additional tasks as required
- Ability to work with small teams to solve complex problems
- Bachelor's degree in Computer Science, Cyber Security, or other tech-related degree
- Experience with snort rules language
- Familiarity with structures in memory, such as the Stack and the Heap
- Experience with SCADA master and field devices related to generation, DSCADA, TSCADA, Gas SCADA, and Advanced Metering Infrastructure.
- Knowledge of SCADA protocols like DNP3, Modbus, BACNet, ICCP, IEEE 60870, etc.,
- Strong familiarity with ICS vendors and product offerings in the SCADA industry.
- Knowledge of RF field devices for SCADA communication.
- Work closely with software reverse engineers and research analysts to quickly develop detection content for all our core applications
- Moderate to high levels of stress may occur at times
- Fast paced and rapidly changing environment
- Extremely talented and experienced team members and mentors
- No special physical requirements
- Constant internal training, libation, and enthusiastic discussions
A little about us:
We are one, big, techie, employee tribe that changes the world while having fun.