Security Researcher - Content Development
McAfee's Network Security Platform (NSP) is an intelligent IPS solution that discovers and blocks sophisticated threats in the network. Using multiple, advanced signature-less detection techniques such as Advanced Threat Defense, real-time emulation, and endpoint integration, it moves beyond mere pattern matching to offer advanced network intrusion detection that defends against unknown stealthy attacks with extreme accuracy. The next-generation hardware platform scales to speeds of over 40 Gbps, ensuring performance is available to meet the needs of demanding networks. NSP product has been ranked in the Gartner’s Leaders Quadrant for eight consecutive years.
Specific Responsibilities/Functions will include but not limited to:
• Threat analysis, vulnerability research.
• Attack signature writing for network-based IPS
• Work on Layer seven protocol parsing, feature enhancement and automation.
• Work effectively with other members of the team and other functions of the organization to meet goals.
• Work on customer queries/issues related to attack signature content creation and provide workaround/fix when needed.
• Enhance the infrastructure to facilitate vulnerability research and attack signature release process
Experience, Knowledge and Skills required for the role
• BTech/BE/MCA in Computer Science with at least 4+ years of work experience
• Prior experience in writing attack signatures for Network IDS/IPS products such as Open Source Snort, Suricata etc.
• Experience with network security and network security products
• Experience with software development especially skills in programming languages such as C and Java
• Solid networking background, especially with TCP/IP protocol stack
• Detailed understanding of Layer 3 protocols such as IPv4, IPv6, ICMP, IPSec, etc.
• Detailed understanding of Layer 4 protocols such as TCP, UDP, etc.
• Detailed understanding of Layer 7 protocols such as HTTP, SMTP, DNS, PoP3, IMAP, SSH, SSL, Telnet, FTP, etc.
• Solid understanding of software exploitation and common vulnerabilities like buffer-overflow, XSS, Sql-injection etc.
• Good understanding of the threat landscape in the security area such as phishing, malware, botnet, and web security
• Good understanding of regular expressions (PCRE).
• Proficient with one of the scripting languages such as Perl or Python.
• Should have excellent troubleshooting, analytical and problem solving skills.
• Should have an in-depth knowledge of OS'es like Linux, Windows and FreeBSD
• Ability to learn quickly and ramp up on new technologies.
• Ability to multi-task and stay organized in a dynamic work environment.
• Ability to communicate and work effectively with teams across products, functions and locations to deliver tasks/projects on time and meet goals.
Do Not Use