Senior Threat Researcher 1

Bangalore, KA, IN, 560103


Sophos Overview – Cybersecurity Evolved

Sophos evolves to meet every new challenge, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats. Powered by SophosLabs, our cloud-native and AI-enhanced solutions are able to adapt and evolve to secure endpoints and networks against never-before-seen cybercriminal tactics and techniques. Managed through our award-winning, cloud-based platform, Sophos Central, our best-of-breed products work together through our unique Synchronized Security system to share threat intelligence and respond to evolving threats. The Sophos suite of products secures networks and endpoints against automated and active-adversary breaches, ransomware, malware, exploits, data exfiltration, phishing, and more.


Job Purpose

As a Threat Researcher you will be part of the front line responsible for helping to protect millions of users worldwide from network security threats and exploits. The successful candidate will provide analysis and detection of the latest threats and help create the next generation of SophosLabs research tools. The ideal candidate is passionate about computer network security and has a high aptitude for solving challenging puzzles with attention to detail.


Main Duties

  • Analyze cyber threats and exploits in software and applications
  • Reverse engineer threats, exploits, PoC code, etc.
  • Develop high-quality detection/IPS signatures to detect and prevent threats and exploits
  • Build, test and publish the detection/IPS signatures
  • Write threat/exploit descriptions for publication on the Sophos website and in threat research whitepapers
  • Track 0-days, newly disclosed vulnerabilities and malware of all kinds on a regular basis, and strive to provide customers with timely protection against them
  • Independently conduct research, reverse engineer threats and exploits, and produce research reports
  • Triage requests submitted by other departments, respond to tasks or escalate complex issues to senior team members
  • Answer customer queries routed through Technical Support and internal queries from all departments
  • Identify opportunities to write blogs for the Sophos website to raise customer awareness
  • Work with the 3rd party test coordinator to improve our scores in 3rd party test results
  • Understand our failures and provide technical insight while working with our engineering teams to come up with solutions that improve future test results
  • Maintain aligned communication with the team on quality, effectiveness, 3rd party test issues, etc.
  • Take initiatives and drive quality and effectiveness


Skills & Experience


  • Bachelor's or Master's degree in Engineering, Computer Science or Electronics, or Bachelor/Master of Computer Applications
  • Certifications such as CEH, CCNA/CCNP, CISSP, etc. are good to have
  • 8+ years of experience in vulnerability/exploit research and IPS signature development/testing (preferably on Snort or an equivalent engine)
  • Good understanding of network and endpoint security technologies such as conventional firewalls, NGFWs, IDS/IPS, AV/UTM, proxy servers, etc.
  • Strong understanding of exploits (file and protocol based), network evasion techniques and the Linux network stack
  • Extremely strong and practical understanding of the TCP/IP protocol suite, L2/L3/L4 network communication and L7 protocols such as HTTP, SMTP, POP3, DNS, Telnet, HTTPS (SSL/TLS), FTP, etc., and the ability to decode them in packet analysis tools such as Wireshark (formerly Ethereal), tcpdump, etc.
  • Very strong and practical understanding of commonly employed attack techniques such as Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), directory traversal, buffer overflows, etc.
  • Experience in developing Snort IPS signatures/rules
  • Good understanding of Snort engine internals
  • Deep understanding of network evasions:
    • Low-level TCP/IP evasions (e.g. IP fragmentation and TCP segmentation/overlap tricks)
    • Application-layer (upper OSI layer) evasions such as HTTP/HTTPS evasions (e.g. encoding and chunking tricks that defeat naive content matching)
  • Familiarity with Sophos or any competitor's firewall products
  • Very strong hands-on experience with automation in a scripting language such as Python, Ruby, Perl, shell or Tcl, and a good understanding of C, C++, JavaScript, HTML, VB, etc.
  • Ability to craft packets, and hands-on experience with tools such as wget, curl, nmap, hping2, Burp and Fiddler
  • Strong hands-on experience with various UNIX flavours and Windows versions
  • Able to work independently with minimal supervision
  • Interpersonal and communication skills, focused on building rapport and listening
  • Strong communication skills, written and verbal
  • Strong organization and time management skills
  • Ability to multitask and prioritize workload along with project assignments
  • Flexibility to work with teams in different time zones
  • Critical thinking – Ability to analyse situations and make informed decisions – think critically and devise solutions
  • Team work – Ability to collaborate with team members, accept feedback from others
  • Positive attitude – Bring positivity to team members
  • Sense of urgency to business requirements.


Equal Opportunities

Sophos is committed to equal opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.


If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights.  If you have any questions about Sophos’ data protection practices, please contact dataprotection@sophos.com.

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.

Job Segment: Cisco, Developer, Computer Science, Linux, Unix, Technology