As a junior to mid-level Threat Researcher, you will be part of the front line responsible for helping to protect millions of users worldwide from network security threats and exploits.
The successful candidate will provide analysis and detection of the latest threats and help create the next generation of SophosLabs research tools.
The ideal candidate is passionate about computer network security and has a high aptitude for solving challenging puzzles with attention to detail.
What will you do
Develop high-quality Application classification and IPS Signatures to classify application traffic and detect/prevent threats and exploits.
Test and publish Application classification and IPS Signatures.
Analyze cyber threats/exploits in software and Applications.
Reverse engineer threats, exploits, and proof-of-concept code.
Write descriptions of threats and exploits for publication on the Sophos website and in threat research whitepapers.
Independently conduct research, reverse engineer threats and exploits, and provide research reports.
Triage requests from other departments, respond to tasks, or escalate complex issues to senior team members.
Answer customer queries routed through technical support and internal queries from all departments.
Identify opportunities to write blogs for the Sophos website to raise customer awareness.
What you will bring
Essentials
One to three years of experience in network security, threat research or threat hunting.
A practical understanding of the TCP/IP protocol suite, including in-depth knowledge of application-layer protocols such as HTTP, FTP, SMTP, POP3, IMAP, SSL, etc.
Experience in capturing and decoding protocols using packet analyzer tools such as Wireshark, Ethereal, and tcpdump.
Familiarity with various network and endpoint security technologies, including next-generation firewalls (NGFWs), intrusion detection/prevention systems (IDS/IPS) and proxy servers.
Knowledge of exploits (file and protocol-based), network evasion techniques, and the Linux network stack.
Understanding of commonly employed attack techniques such as Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), Directory Traversal, Buffer Overflow, etc.
User-level experience with various operating systems, including UNIX and Windows flavors.
Desirable
Experience in Application or IPS signature development or testing, preferably with Snort or equivalent engines such as Suricata or Bro.
Understanding of Snort engine internals.
Knowledge of TCP/IP low-level evasions.
Familiarity with upper-level OSI evasions, such as HTTP/S evasions.
Familiarity with Sophos or other competitor firewall products.
Experience with automation using scripting languages such as Python, Ruby, Perl, Shell, or TCL, and a good understanding of programming languages such as C, C++, JavaScript, HTML, etc.
Hands-on experience with tools such as Wget, Curl, Nmap, Hping2, Burp, Fiddler, etc.
Job Classification
Industry: IT Services & Consulting
Functional Area: IT Services & Consulting
Role Category: Quality Assurance and Testing
Role: Security Testing Engineer
Employment Type: Full time