Senior Threat Researcher for IPS Signature Development Team (Full-time)

at SOPHOS in Bangalore (Published at 16-11-2016)


SophosLabs is recruiting Senior Threat Researchers to join our global team of highly skilled security experts to help secure and protect Sophos users and their systems worldwide from threats such as malware, exploits, spam and phishing.

Education –

-Bachelor's/Master's degree in Engineering, Computer Science/Electronics, or Bachelor/Master of Computer Application
-Good to have certifications such as CEH, CISSP, etc.

Experience –

-2 to 10 years of experience in vulnerability/exploit research and IPS signature development/testing (preferably on Snort or an equivalent engine)
-Good understanding of network and endpoint security technologies such as conventional firewalls, NGFWs, IDS/IPS, AV/UTM, proxy servers, etc.

Main Duties –

The successful candidate will provide analysis and detection of the latest threats and help create the next generation of SophosLabs research tools.

-Analyze cyber threats/exploits in software and applications
-Reverse engineer threats/exploits, PoC code, etc.
-Develop high-quality detection/IPS signatures to detect and prevent threats/exploits
-Build, test and publish the detection/IPS signatures
-Write threat/exploit descriptions for publication on the Sophos website and in threat research whitepapers
-Track 0-days, new/latest vulnerabilities and X-wares on a regular basis and strive to provide customers with timely protection against them
-Independently conduct research, reverse engineer threats/exploits and provide research reports
-Triage requests submitted by other departments, respond to tasks or escalate complex issues to senior team members
-Answer customer queries routed through Technical Support and internal queries from all departments
-Identify opportunities to write blogs for the Sophos website to raise customer awareness

Must Have Skills –

-Extremely strong and practical understanding of the TCP/IP protocol suite, L2/L3/L4 network communication and L7 protocols such as HTTP, SMTP, POP3, DNS, Telnet, HTTPS/SSL, FTP, etc., and the ability to decode them in packet analyzer tools such as Wireshark, Ethereal, tcpdump, etc.
-Very strong and practical understanding of commonly employed attack techniques such as Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), Directory Traversal, Buffer Overflow, etc.
-Very strong hands-on experience with automation in any scripting language such as Python/Ruby/Perl/Shell/TCL, etc., and a good understanding of C, C++, JavaScript, HTML, VB, etc.
-Experience with Snort or an equivalent IPS engine, Snort rules and their constructs, and the ability to develop signatures/rules using Snort or equivalent constructs. Must be able to craft performance-friendly patterns using PCRE.
-Strong practical experience with commonly used open source and commercial attack simulation and pen-test tools such as Metasploit (MSF), Canvas, Core Impact, Ixia/BPS, Karalon, Spirent, Evader, etc.
-Ability to craft packets and hands-on experience with tools such as Wget, cURL, nmap, Hping2, Burp, Fiddler
-Strong hands-on experience with various UNIX flavors and Windows flavors
-Good written and verbal communication skills
-Ability to work both independently and as part of a global team
-An analytical and methodical approach to workflow
-Proven ability to prioritize and organize assigned tasks
-Proven problem-solving skills with an inquisitive nature
-Conduct security incident investigations that demonstrate in-depth knowledge of networks, TCP/IP, operating systems, network protocols, targeted applications, etc.

Desirable Skills –

-Experience using various vulnerability management tools (QualysGuard, Acunetix, Nessus, etc.)
-Experience researching and reverse engineering malware using tools such as IDA Pro, WinDbg, OllyDbg and hex editors
-Experience deploying and managing honeypots
-Understanding of basic executable file formats (MZ/NE/PE) and advanced executable file formats (ELF/DEX/Mach-O)
-Familiarity with exploitable file formats including Java, PDF, Flash and Office documents
-Published technical papers/whitepapers

Note: Applications have been closed.
