Sr. Signature Engineer

Total-TECH Co.

The Job Description

  1. Design and develop signature rules to detect known and emerging threats using DPI technologies.
  2. Analyze network traffic and protocols to extract identifying characteristics and behavioral patterns.
  3. Reverse engineer malicious traffic or malware payloads to develop custom detection logic.
  4. Test and validate signature accuracy, minimizing false positives and ensuring high performance.
  5. Monitor signature effectiveness in live environments and iterate for improved detection and efficiency.
  6. Collaborate with threat intelligence teams to stay ahead of evolving attack vectors.
  7. Document and maintain a knowledge base of signature logic, rule sets, and configuration best practices.
  8. Continuously research new protocols, applications, and evasion techniques to update detection logic.
Requirements:
  • Proven expertise in Deep Packet Inspection (DPI) technologies and tools.
  • Strong understanding of network protocols (TCP/IP, HTTP/HTTPS, DNS, SMTP, etc.).
  • Experience developing signature-based detection rules for IDS/IPS and DPI engines (e.g., Snort, Suricata, Zeek) and for file/memory pattern matching (e.g., YARA).
  • Ability to reverse engineer malware or obfuscated traffic to identify unique detection markers.
  • Strong experience in packet analysis tools like Wireshark, tcpdump, etc.
  • Proficient in regular expressions, scripting (Python, Shell), and pattern matching techniques.
  • Knowledge of cybersecurity threats, MITRE ATT&CK framework, and APT tactics and techniques.
  • Excellent analytical and problem-solving skills with strong attention to detail.
  • Strong documentation and communication abilities.
