Job Summary:
As a Senior Software Engineer specializing in malware detonation sandboxes, you will play a pivotal role in Protecting Splunk Attack Analyzer customers from threats. Your responsibilities encompass managing and optimizing a fleet of malware sandbox environments with a strong focus on automation, security, and operational reliability. You will apply your expertise in Python, virtualization, static and dynamic analysis to ensure efficient, scalable and reliable detonation of suspect files and URLs.
Your understanding of behavioral malware analysis on Windows (including OS hooks and event log analysis), static detection engines/languages (e.g., Yara, ClamAV, Sigma), and network IDS/IPS technologies (e.g., Snort, Suricata,Zeek) at a fundamental level will be crucial for success in the rule. You should also become comfortable with automation tools (e.g., Ansible, Puppet) for handling large-scale sandbox infrastructure and have the ability to operate Visual Studio C++ for driver/dll compilation. You will collaborate with multi-functional teams to integrate sandbox insights with broader security tooling, drive the migration of sandbox environments to cloud platforms (AWS, GCP, etc.), and ensure operational continuity and compliance. Continuous innovation and documentation are key to the role, supporting evolving defensive strategies against sophisticated adversaries.
Meet the Team:
The Splunk Attack Analyzer (SAA) team streamlines security threat analysis, providing forensic evidence and metadata to customers via API and Portal. As a Senior Engineer, you'll orchestrate the optimization of the sandbox engines and architect innovative solutions to overcome challenges posed by the threat actors.
Key Responsibilities:
- Manage, maintain, and optimize malware detonation sandboxes and supporting infrastructure, ensuring high availability and performance.
- Lead the migration and integration of sandbox environments to cloud platforms (AWS, GCP), including secure deployment and adoption of cloud-native security tools.
- Integrate and maintain sandbox platforms and static detection engines.
- Apply behavioral malware analysis techniques, including Windows OS hooks and event log analysis.
- Operate and tune network IDS/IPS systems to enrich threat detection.
- Apply configuration management and automation tools to handle and scale the sandbox fleet.
- Collaborate with security, engineering, and infrastructure teams to integrate sandbox insights with broader detection and response tools.
- Architect solutions to overcome sophisticated threat actor techniques (evasion, anti-analysis, etc.).
- Patch, resolve and update sandbox systems to maintain robust, secure operations.
- Document technical processes, configurations, and analysis results to support information sharing and compliance.
- Stay ahead of emerging malware, sandbox, and cloud technologies to drive continuous improvement.
Required Qualifications:
- Bachelor's degree in Computer Science, Computer Engineering, or related field; or equivalent work experience
- 5+ years of extensive experience in managing and maintaining sandbox environments for automated malware analysis.
- Proficient in Python; familiarity with Bash or PowerShell scripting.
- Deep understanding of virtualization technologies and sandbox platforms (Cuckoo, CAPE, etc.).
- Practical experience with behavioral malware analysis, Windows OS internals, and event log analysis.
- Operational familiarity with Visual Studio C++ for tool development or analysis tasks.
- Hands-on experience with static detection languages/tools (Yara, ClamAV, Sigma).
- Solid understanding of network IDS/IPS (Snort, Suricata, Zeek) and their application to malware analysis.
- Experience with configuration management tools (e.g., Terraform, Puppet, Chef, Ansible).
- Solid understanding of networking, security, and system administration.
- Expertise in AWS, GCP, and experience with cloud migration projects.
- Excellent collaboration, documentation and communication skills to work with cybersecurity teams and other partners.
- Up-to-date knowledge of the emerging malwares, sandbox technologies, and cloud methodologies.
- Demonstrated ability to mentor junior engineers and lead technical initiatives.
Cisco is an Equal Opportunity Employer
At Cisco, we believe creating a culture of belonging isn’t just the right thing to do; it’s also the smart thing. We prioritize diversity, equity, inclusion, and belonging to ensure our employees are supported to bring their best, most authentic selves to work where they can thrive. Qualified applicants receive consideration for employment without regard to race, religion, color, national origin, ancestry, sex, gender, gender identity, gender expression, sexual orientation, marital status, age, physical or mental disability or medical condition, genetic information, veteran status, or any other consideration made unlawful by federal, state, or local laws. We consider qualified applicants with criminal histories, consistent with legal requirements.
Base Pay Range
Base Pay Range: $138,000 - 171,000 annually
When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.
U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings.
Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday (for non-exempt employees), plus a day off for their birthday. Non-Exempt new hires accrue up to 16 days of vacation time off each year, at a rate of 4.92 hours per pay period. Exempt new hires participate in Cisco’s flexible Vacation Time Off policy, which does not place a defined limit on how much vacation time eligible employees may use but is subject to availability and some business limitations. All new hires are eligible for Sick Time Off subject to Cisco’s Sick Time Off Policy and will have eighty (80) hours of sick time off provided on their hire date and on January 1st of each year thereafter. Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours. Employees in Illinois have a unique time off program designed specifically with local requirements in mind. All employees also have access to paid time away to deal with critical or emergency issues. We offer additional paid time to volunteer and give back to the community.
Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco typically pays as follows:
.75% of incentive target for each 1% of revenue attainment up to 50% of quota;
1.5% of incentive target for each 1% of attainment between 50% and 75%;
1% of incentive target for each 1% of attainment between 75% and 100%; and once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.
For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.
