Vulnerability Researcher - Military Veterans

The application window is expected to close on: 1/13/2025

Job posting may be removed earlier if the position is filled or if a sufficient number of applications are received.

Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world. Talos defends Cisco customers against known and emerging threats, discovers new vulnerabilities in common software, and interdicts threats in the wild before they can further harm the internet at large.

What You'll Do

If you enjoy vulnerability research, crash analysis, reverse engineering, and researching new techniques and writing tools to automate these tasks, this job is for you. This Senior Researcher position with Cisco Talos Vulnerability Discovery and Research Team is available to remote and international workers.

Security research including development of tools for vulnerability discovery, analysis, and mitigation. Development of fuzzers and static analysis tools to identify new vulnerabilities in software. Development of static and run-time analysis tools to figure out root cause and input conditions related to a vulnerability. Vulnerability triage and proof of concept exploit development to support the creation of detection content. Additional responsibilities include helping users and other analysts with setup, installation, and usage of the vulnerability research tools and demonstrating leadership in the security community through publishing open-source tools, papers, presentations, and blog posts.

Who You Are

• Perform security analysis to discover new vulnerabilities in software and/or embedded systems.
• Create tools for the discovery and triage of vulnerabilities.
• Write detailed technical advisories on new vulnerabilities.
• Develop proof of concept exploits for testing IPS and IDS effectiveness.
• Perform patch analysis to find and trigger vulnerabilities.
• Reverse engineer binary applications, protocols, and formats.
• Analyze zero-day vulnerabilities and emerging security threats and technologies.
• Demonstrate leadership within the security community.

Minimum Qualifications

• 3+ years of experience in vulnerability research or a closely related area, e.g. exploit, fuzzing or mitigation development
• Bachelor's degree or equivalent in Computer Science, Electrical Engineering, Cyber Security, or other tech-related degree (or equivalent due to work experience)

Preferred Qualifications

• 3+ years' experience with binary auditing and reverse engineering, and with related tools such as IDA Pro, Binary Ninja, Ghidra, etc. and with plugin development.
• 3+ years' experience with C/C++, and a scripting language (e.g., Python), and assembly (e.g., x86/x64, ARM, etc.)
• 3+ years' experience with common vulnerabilities and methods of exploitation, such as memory corruption, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.
• Published technical contributions to the security community (e.g. CVEs, security advisories, blog posts (0-day/n-day analysis), open source contributions, academic publications, etc.)
• Candidates with experience in vulnerability research in industrial control systems are encouraged to apply
• Knowledge of common file format and network protocol structures.
• Ability to work independently with minimum supervision and to tackle additional tasks as the need arises.

Why Cisco Secure

We're global, we're adaptable, we're diverse, and our security portfolio is as extensive as it is groundbreaking. Have you heard of Threat, Detection & Response, Zero Trust by Duo, Common Services Engineering, or Cloud & Network Security? Those are only a few of our product teams! The only thing we're missing is YOU.

Join an enterprise security leader with a start-up culture, committed to driving innovation and giving you the opportunity to make an impact. We #InnovateToWin and we know we're better together, that's why we're dedicated to inclusivity, collaboration, and diversity in everything we do.

We're proud to be the Best Small and Mid-Size Enterprises Security Solution Cisco Secure continues to grow and evolve year after year with 100% of Fortune 100 Companies using our products, and we're excited to see the new heights we'll reach with your passion for security, your customer focus, and your desire to change things up!

There are so many amazing reasons to join Cisco. Learn more here !

Message to applicants applying to work in the U.S. and/or Canada:

When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.

U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings.

Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday (for non-exempt employees), plus a day off for their birthday. Non-Exempt new hires accrue up to 16 days of vacation time off each year, at a rate of 4.92 hours per pay period. Exempt new hires participate in Cisco's flexible Vacation Time Off policy, which does not place a defined limit on how much vacation time eligible employees may use, but is subject to availability and some business limitations. All new hires are eligible for Sick Time Off subject to Cisco's Sick Time Off Policy and will have eighty (80) hours of sick time off provided on their hire date and on January 1st of each year thereafter. Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours. Employees in Illinois have a unique time off program designed specifically with local requirements in mind. All employees also have access to paid time away to deal with critical or emergency issues. We offer additional paid time to volunteer and give back to the community.

Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco typically pays as follows:

.75% of incentive target for each 1% of revenue attainment up to 50% of quota;

1.5% of incentive target for each 1% of attainment between 50% and 75%;

1% of incentive target for each 1% of attainment between 75% and 100%; and once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.

For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.