Security Researcher

Tripwire is a leading provider of endpoint detection and response, security, compliance and IT operation solutions for enterprises, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations.

Our Research Engineers come from a variety of backgrounds, including programming, network and systems administration, technology research and software QA. The only common denominator is an overwhelming passion for solving difficult (and sometimes impossible) problems, a team-focused, result-oriented attitude and a desire to work hard with an energetic group of exceptionally talented teammates. The primary focus of this role is to stay on top of the "vulnerability landscape" and be up-to-date on current attacks or potential attacks. The Security Engineer is responsible for reviewing, isolating, analyzing and then reverse-engineering vulnerable programs or malicious code in order to determine and understand the specific nature of the threat.

* Actively participate in the industry’s most respected security research team. * Research newly disclosed software vulnerabilities and develop detection algorithms? * Deploy and configure a wide range of operating systems, databases, and applications for research purposes.? * Expand Tripwire’s products to detect new vulnerabilities and security weaknesses.? * Keep abreast of new developments in information security, analyze the threat environment, and turn this knowledge into action that protects our clients.? * [OPTIONAL] Contribute to our VERT blog, publish research findings, present at security conferences, and participate in the standards bodies that guide global security.

**Knowledge, Skills & Abilities Required** * 2+ years education and/or experience in a Computer Security or IT related field * ?In depth experience with computer and network security standards * Intimate knowledge of computer operating systems. In particular, significant understanding of one or more of the following families: * Solaris, Linux, AIX, HP-UX, BSD, and other Unix-based systems? * Windows family of operating systems especially Vista/2008/7/2008R2/8/2012/10. * Strong understanding of TCP/IP, UDP, ICMP and other Internet protocols. * Ability to understand network protocol representations as they appear “on the wire”. * Demonstrated knowledge of vulnerabilities and the exploits that target them. * ?Demonstrated attention to detail, curiosity, and persistence are your key character traits * Proven ability to excel in both self-directed and team oriented tasks in a fast-paced, exciting environment.? * Demonstrated interest in information security? * Ability to rapidly learn new protocols, programming languages, and architectures, and to apply that knowledge to the analysis of network traffic, exploit code, and system configurations. * Strong understanding of analysis methodologies and research techniques. **Preferred skills** * Experience with web application and/or database security concepts and practices. * ?Knowledge of intrusion detection filters, signature definitions, and vulnerability description standards such as XCCDF, OVAL, CVE, CPE, and CCE. * Experience with virtualization technologies.? * Understanding of operating system fingerprinting techniques.? * Strong experience with networking concepts such as: routing protocols, switching standards, firewall rules, network address translation (NAT), CIDR, BPF and other packet filtering technologies.? * Professional experience with a deep knowledge of programming languages such as: Python, C/C++, shell scripting, SQL, JavaScript and/or PHP. * Experience with tools such as IDA Pro, BinDiff, Wireshark, nmap, commercial scanning technologies, etc