Topic created on: July 30, 2010 10:26 CDT by aeppert .
About Alert Logic
Alert Logic is a leading provider of on-demand compliance and security solutions. Our threat, log, and IT compliance management solutions run as a software-as-as-service, and are cost effective, easily deployed, and easily maintained. Customers can protect their networks and comply with policies and regulations with no maintenance needed on their part as services are delivered "in-cloud," without the need to work onsite to deploy, configure, tune, maintain or upgrade. We pride ourselves on offering efficient, no-hassle, reliable network security and compliance solutions and continually exceeding customer expectations. Alert Logic offers an exceptional company culture with a group that works hard and has fun. We are looking for someone with a passion for technology, a drive for continual learning, and the love of solving problems.
The Security Researcher will analyze and respond to emerging threats and rapidly develop protection for Alert Logic clients. The Security Researcher must be skilled in Windows, Unix, Linux, networking, and programming, reverse engineering and web technologies. The responsibilities will include prototyping new detection techniques, developing expert system code, and analyzing new threats.
Preferred Technical Experience:
* Reverse engineering tools (e.g., debuggers, disassemblers)
* Low level languages such as C and Assembly
* Vulnerability identification through code audits, fuzzing etc..
* Exploit development
* Microsoft Windows
* Unix & Linux administration
* TCP/IP networking
* Web protocols (e.g., HTTP, SOAP, WS-*)
* High-level scripting languages (e.g., Python, Ruby) and shell scripting
* SQL and Oracle databases
Essential Duties & Responsibilities
* Employ strong knowledge of security concepts and practices to proactively identify threats, vulnerabilities, and exploits.
* Investigate and analyze new threats, vulnerabilities, and exploits. Includes documenting and developing countermeasures.
* Write technical papers and deliver external and internal presentations introducing new and novel security research.
* Serve as an escalation point for the SOC for new incidents.
* Mentor analysts and aid in employee development.
* Make recommendations for appropriate development, engineering and corporate processes and procedures.
* Answer questions from clients regarding new attacks and trends.
* Suggest or implement new product prototypes and work with product management on implementation.
Knowledge, Skills, & Abilities
* Strong analytical and problem-solving skills.
* Strong time management skills, self-directed, ability to thrive in a fast-paced, dynamic environment.
* Demonstrate sound judgment, as displayed by previous experience. Be accomplishment/result-oriented.
* Exhibit good written and verbal communications skills.
* Be able to work with others and professionally challenge ideas.
* Experience in public speaking, presentations, interviews.
* Ability to present complex technical ideas to a less technical audience via written communication or through presentation.
* Ability to quickly automate tasks through custom programming or scripting using high-level scripting languages such as Python.
Education and Experience:
* 5 + years professional experience in information security.
* A GIAC certified intrusion analyst certification or CISSP is preferred. If the candidate does not have one it must be acquired within 6 months.
* Other certification such as OSCE (Offensive Security Certified Expert) , NOP (Certified Network Offense Professional), GREM (GIAC Reverse Engineering Malware, GWAPT (GIAC Web Application Penetration Tester, GPEN (GIAC Penetration Tester), are a plus.