Team Lead Security Research, Detection Response (Remote US)

Cisco Systems
Fulton, MD
Dec 06, 2022
Dec 08, 2022
Full Time
Location: This position can be fully remote in the United States.

The Talos Detection Response Team (DRT) creates network and endpoint signatures that are distributed worldwide to multiple products in Cisco's security portfolio and to the open-source community. In this position you will lead a team of analysts who create detection content for vulnerabilities in a variety of Cisco and non-Cisco products. Understanding these vulnerabilities may involve reviewing technical reports, reading code diffs, or generating network traffic from proofs of concept. Once released, these protections directly affect the security of people and organizations around the globe.

You will also be responsible for managing and assigning inbound protection requests to a subset of the team's analysts. To manage analysts' daily workloads effectively, a Lead must balance workload, distribute and track assignments, and prioritize work based on the impact of the threat to our customers.

Role and Responsibilities:
- Research security threats, attacker techniques and tools, and 0-day vulnerabilities
- Assess team members' work and identify training needs based on weaknesses
- Conduct regular one-on-one syncs with the team and DRT staff
- Provide guidance and support to team members
- Facilitate communication within and across teams
- Provide mentorship and training to new team members
- Anticipate problems and issues and take action to prevent or minimize their impact
- Participate in strategic planning for the team and the broader DRT

Minimum Qualifications:
- Proven experience as a lead, supervisor, or in a relevant leadership role
- Exceptional organizational and leadership skills
- Exceptional communication and conflict-resolution skills
- Solid technical writing skills
- Experience providing review and feedback on technical work
- In-depth experience with vulnerability analysis and common methods of exploiting vulnerabilities, such as buffer overflows, cross-site request forgery, use-after-free, and XXE
- Knowledge of network traffic analysis using tools such as Wireshark
- Advanced knowledge of network, transport, and application layer protocols, such as IP, TCP, LDAP, TLS, RDP, and SMB
- Experience with a compiled language (e.g., C, C++, Rust, Go) and a scripting language (e.g., Python, Ruby, Perl)
- Knowledge of reverse engineering, malware analysis, and relevant tools (e.g., IDA Pro, Binary Ninja, Ghidra, radare2, x64dbg, WinDbg, OllyDbg)
- Experience analyzing assembly code and identifying code patterns in disassembled binaries
- Familiarity with the memory layout and the different segments of a running process, such as the stack and the heap
- Knowledge of Windows and Linux internals
- Typically, a Bachelor's in Computer Science, Cyber Security, or another tech-related degree plus 7 years of related experience, or a Master's plus 4 years of related experience, or equivalent experience. 10 years of work experience in the security industry preferred.

Preferred Qualifications:
- Familiarity with asymmetric cryptography (ECC, Diffie-Hellman, etc.), symmetric ciphers (AES, DES, etc.), and hashing algorithms (MD5, SHA256, etc.)
- Experience with the Snort rules language
- Background in intrusion detection or forensic analysis
- Experience with product testing and validation

Why Cisco Secure

#WeAreCisco, where each person is unique. We bring our talents to work as a team each day, helping power an inclusive future for all. Get to know us!

Our People Are The Heart of Cisco

We're global, we're adaptable, we're diverse, and our security portfolio is as extensive as it is groundbreaking. Have you heard of Threat, Detection & Response, Zero Trust by Duo, Common Services Engineering, or Cloud & Network Security? Those are only a few of our product teams! The only thing we're missing is YOU. Join an enterprise security leader with a start-up culture, committed to driving innovation and giving you the opportunity to make an impact.

We #InnovateToWin and we know we're better together; that's why we're dedicated to inclusivity, collaboration, and diversity in everything we do. We're proud to have been named Best Security Company in 2021, with the Best Authentication Technology and the Best Small and Mid-Size Enterprises Security Solution in 2022, by SC Media. Cisco Secure continues to grow and evolve year after year, with 100% of Fortune 100 companies using our products, and we're excited to see the new heights we'll reach with your passion for security, your customer focus, and your desire to change things up!

What else can you expect? An ongoing investment in your growth; that's why we offer many employee resource groups (called Inclusive Communities), mentorship programs, and hundreds of learning resources to consistently level up your skillset and explore your interests. Because when you succeed, we succeed!

"Cisco Secure offers an environment that combines cutting-edge, mission-critical technology with some of the brightest, most diverse set of people I've ever had the pleasure of working with." - Chief of Staff, Engineering

Join Cisco Secure - Be You, With Us!

#CiscoSecureEng23 #TalosEngFY23 #LI-Remote