Cisco enjoys a unique position and is leveraging an unprecedented capability to secure the network through intelligence derived from data collected on a global scale. The Threat Grid and Cisco AMP teams are leading the way in their capacity to invent, prove out, and enable new technologies in big data analytics and threat intelligence.
Our team is composed of highly skilled individuals who are comfortable working in a fast-paced and technically challenging environment. The AMP Research and Efficacy Team is tasked with improving the detection and alerting capabilities of the AMP for Endpoints and Threat Grid product lines. Part of this work includes researching malware, attack and exploitation methods in order to generate indicators and signatures for alerting within both products.
Role & Responsibilities
Interface directly with the Tier 3 support team to resolve detection issues and other support cases.
Triage and help remediate false-positive and false-negative detections across the AMP architecture.
Identify the root cause of false positives and false negatives in the product, and suggest or implement remediation.
Analyze network traffic and binaries to identify malicious behavior and characteristics.
Suggest product improvements and enhancements arising from daily work.
Identify and report prevalent malicious techniques.
Conduct research into the tools and tactics used by malware authors.
Identify behavioral indicators, and benign or normal activity, in recorded software executions.
Skills & Experience
Knowledge of operating system internals, including Windows, Linux and Mac OS.
Prior knowledge of or experience with malware detection or remediation.
Ability to read and interpret packet captures.
Experience writing and validating threat signatures (YARA, ClamAV, OpenIOC).
Ability to write and validate parsers for a variety of file formats.
Scripting or programming experience (Python preferred).
Excellent communication skills.
Ability to articulate technical issues.
Reverse engineering experience with IDA Pro, WinDbg and OllyDbg.
Data mining and interpretation skills.
Experience with Clojure.
Background in or knowledge of quality assurance.
Cisco Systems, Inc.