Job Information
Cisco Tetragon Threat Detection Engineer - Isovalent in Zurich, Switzerland
About this role:
Cilium Tetragon is a flexible, Kubernetes-aware security tool, with real-time observability and enforcement. Leveraging the power of eBPF, Tetragon offers a low-overhead, in kernel solution that enhances security posture by monitoring system behaviors such as process executions, system call activities, and both network and file access events.
Tetragon Threat Detection Engineers primarily focus on creating and maintaining
Tetragon runtime security policies, based on the latest threat intelligence, vulnerability disclosures, and their own research.
Policies can act either as a mitigation to known vulnerabilities or as monitoring and protection against unknown security issues.
What you’ll do:
Develop and maintain Tetragon runtime security policies to ensure customers have good visibility of suspicious activity on their infrastructure and are protected against the latest emerging threats
Help design frameworks and architectures that allow customers to easily consume policies and understand their overall security posture
Monitor vulnerability disclosures (CVEs) and the latest threat intelligence to develop Tetragon runtime security policies
Work with software engineers at Isovalent and Cisco to improve and enhance the capabilities of Tetragon security policies
Interact with solution architects and customers as necessary to support and deploy Tetragon security policies in production
Publish content and give talks based on your work
Minimum Qualifications:
3+ years of experience in threat and/or vulnerability research
3+ years of experience in developing security detections at scale, for use in a wide range of environments
3+ years of experience working on Linux system security (e.g., capabilities, LSMs, etc.)
Good communication skills, both written and verbal
Preferred Qualifications:
Experience with eBPF (extended Berkeley Packet Filter) and its applications in security.
Experience with the cloud-native ecosystem (containers, Kubernetes, etc.) and their Linux implementation (e.g., Linux cgroups, namespaces)
Why Cisco?
At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.
Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.
We are Cisco, and our power starts with you.
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.