Job Description / Skills Required
One of Cyphort’s key cyber threat detection engines analyzes network activity to identify infected hosts in a customer environment. Cyphort is currently looking for a highly motivated, self-starting, independent thinker for a leadership role to spearhead the Research and Development efforts that enhance Cyphort’s content generation and detection methods, targeting the stealthiest advanced persistent threats.
Duties and responsibilities
Joining the Threat Research team in Cyphort Labs, you will be working on Content generation for Cyphort’s Network-based detection of APTs. More specifically, you will be responsible for:
Analyzing newly discovered threats for network traffic.
Enhancing Cyphort’s ability to extract actionable network communication from malware samples via any method that can be automated, dynamic or static.
Designing and developing a framework for automating Content generation.
Developing frameworks to automate 3rd party Content feed integration.
Investigating and evaluating new Content feeds.
Bringing new creative ideas for dynamic Content generation for zero-day malware.
Analyzing large amounts of statistical data in a NoSQL data store for actionable intelligence.
Monitoring efficacy of Cyphort’s network detection in the field.
Analyzing False Positives reported by customers.
Influencing the development of next-gen capabilities by guiding developers to implement new features in customer-facing products.
You will be working with world-renowned, industry-leading malware researchers and will have ample opportunities to make your mark in the industry in this area.
Experience working with Snort or Suricata rules.
Experience in researching and analyzing Vulnerabilities and Malware.
Experience creating signatures for leading IPS/IDS products on a daily basis.
Solid understanding of the TCP/IP stack and experience using packet capture and decoder tools like Wireshark/tcpdump.
Experience with packet crafting tools and application traffic generation is desirable.
Experience in building automation frameworks and tools for signature generation.
Understanding of IDS/IPS and Firewall internals or sandboxing technologies a plus.
Exposure to open source and commercial signature feeds.
Experience with scripting languages, preferably Python.
Experience building production-quality software.
BS degree in computer science or higher.
3 or more years of experience in this field.
High energy, highly motivated with a good sense of urgency.
Excellent communication skills, both verbal and written.
Indomitable work ethic.