Open Positions at Trinity Cyber

Senior Software Engineer

Job Description:

Trinity Cyber is a leading developer and provider of advanced cybersecurity technologies and services. Our breakthrough core technology can deeply, quickly, and precisely interrogate and transform Internet sessions, creating a family of products and services. As a secure edge, our system automatically identifies, neutralizes and transforms malicious Internet traffic in line and at line speed with granularity and precision beyond other cybersecurity technologies. As an API-driven file inspection platform, it delivers sub-second conviction results and metadata to third-party providers like email security and packet capture vendors. It can also deliver rapid file context and content to cybersecurity analysts. Our customers and go-to-market partners are growing and span multiple industries.

Primary Role:

Trinity Cyber is looking for a senior software engineer to join its Capability Engineering team building the core network, file, and protocol processing engine behind our TC:Edge and TC:File services. Ideal candidates will be self-motivated, flexible to new coding standards and processes, have some past experience with intrusion or threat detection and prevention, and have technical proficiency in key technology areas: high-performance C/C++, application layer network protocols, and file formats and parsing concepts. This role can be performed remotely.

What You Will Do Includes:

Your primary role will be to write C++ code that will incrementally improve and generationally evolve Trinity Cyber's core software engine backing our TC:Edge and TC:File services. You will work with a small team of highly talented and motivated individuals with diverse backgrounds to implement new protocol proxies, file parsers, and detection logic algorithms following existing and well-established patterns and workflows. Your primary customers will be our internal Threat Analysis and Formula Development teams, with whom you will work closely and for whom you will be a subject matter expert. You will also participate in daily peer code and design review sessions, write unit tests and ensure the quality of your code, and participate in architectural improvement discussions.

Qualifications & Experience:

  1. Experience with EITHER application layer protocol parsing OR file format parsing for cyber security purposes.
    1. Application layer protocols:
      • Examples: HTTP, SMTP, TLS, DNS, LDAP, SSH, FTP, SMB, NFS, etc.
      • Experience with proxying, not just parsing, a major bonus.
      • Cursory understanding of underlying layers (Ethernet, IP, TCP/UDP at a minimum) required; deep understanding including network stack experience a major bonus.
    2. File formats:
      • Examples: OOXML, CFB, RTF, OLE, images (JPEG/JFIF, PNG, TIFF), sound files (OGG, MP3/MP4, WAV), executables/shared objects/adjacent formats (Windows, Linux, Mac, iOS, and Android – PE/DLL, ELF, SO, JAR, APK), etc.
      • Experience with parsing based on both publicly defined specifications and poorly documented formats required.
      • Experience writing strong identification of formats a bonus.
  2. Significant experience writing high throughput and/or low latency user space applications in C++ (14 or newer preferred).
    1. Performance tuning on Linux - full system (vTune, perf, gprof, etc.) and micro-benchmarking approaches.
    2. Familiarity with basic function of major kernel subsystems (network stack, memory management, process/thread management, etc.); especially interaction with user space applications.
    3. Linux networking stack and/or custom user space packet processing (DPDK or similar) experience is highly desired.
      • Related development experience such as high-frequency trading, game engine development, or high-performance compute are also applicable.
      • Ability to separate 'fast path'/'data plane' from 'slow path'/'control plane' functionality.
  3. Knowledge of general software development under Linux (CentOS 7/8/9).
    1. Basic systems administration: package management, shell scripting, SELinux basics, common service configuration (sshd, httpd, named, dhcpd, etc.), iptables.
    2. Knowledge of compiler, debugger, and testing tool chains - gcc/clang/icc, gdb, CMake, autotools, lcov, gcov, Google Test, etc.
    3. Continuous integration/continuous deployment systems – (Jenkins, Bamboo, etc.).
    4. Static and dynamic code quality/code analysis tools – (CodeSonar, cppcheck, sanitizers).
    5. Skill with at least one command line text editor (vim, emacs, etc.).
  4. Familiarity with issues surrounding application layer proxying of network protocols.
    1. Transparent intercepting proxy vs. explicit proxy.
    2. L2 vs L3 vs L7 transparency and performance/reliability impacts of proxies on various protocols.
    3. Experience with Linux "tproxy" or equivalent features (either standard stack or custom stack).

In Addition, a Fully Qualified Candidate Will Have:

  1. Experience with Tier 1 ISP grade high-performance multi-node x86 network appliance development desirable.
    1. 10Gbps+ throughput application layer proxies.
    2. 100,000s+ connections/s and concurrent connections.
    3. Liveness detection, node failover, load balancing, and state distribution in multi-rack level systems.
    4. Multi-tenant environments.
  2. An understanding of Intel architecture, including NUMA constraints, would be a major bonus.
    1. Applications with large memory footprint and impacts on cache efficiency for high throughput/low latency code.
    2. Practical CPU microarchitecture knowledge a major bonus: SIMD data parsing, lockless data structures, front end/back end CPU considerations.
    3. Hardware/software and user space/OS kernel interactions - BIOS tuning, cstates, process groups and affinity, PCI CPU affinity.
    4. Process and thread pinning.
  3. Bachelor’s Degree in Computer Science or related experience and/or training; or equivalent combination of education and experience.
  4. Effective verbal and written communication skills.
  5. Must possess the highest level of personal integrity, value team success over individual achievement, have the ability to contribute significantly to extending a culture of collaboration, both internally and externally, in order to maintain the superior reputation of Trinity Cyber - and enjoy having fun.

Cybersecurity Emerging Threat Analyst

Job Description:

Trinity Cyber is a leading developer and provider of advanced cybersecurity technologies and services. Our breakthrough core technology can deeply, quickly, and precisely interrogate and transform Internet sessions, creating a family of products and services. As a secure edge, our system automatically identifies, neutralizes and transforms malicious Internet traffic in line and at line speed with granularity and precision beyond other cybersecurity technologies. As an API-driven file inspection platform, it delivers sub-second conviction results and metadata to third-party providers like email security and packet capture vendors. It can also deliver rapid file context and content to cybersecurity analysts. Our customers and go-to-market partners are growing and span multiple industries.

Primary Role:

An Emerging Threats Analyst at Trinity Cyber is responsible for digging deep into the world of open source and proprietary threat intelligence. You will work alongside a team of motivated developers, malware analysts, and operators to translate some of the newest and most complex vulnerabilities, exploits, and threats in cyberspace into actionable outcomes. You will be responsible for developing analytics, signatures, and heuristics which integrate into Trinity Cyber’s exclusive technology, as well as communicating and documenting such findings within a team environment. We hire the best bloodhounds at Trinity Cyber. This role can be performed remotely.

What You Will Do Includes:

  1. Hunting alongside talented threat researchers to find adversary tactics, techniques, and novel attacks within networks and pivoting that knowledge to prevent them from succeeding.
  2. Utilizing open source research to expand upon current understanding of CVEs, actors, TTPs, malware families, and malicious infrastructure.
  3. Developing analytics, signatures, or rules based on both content and metadata of files.
  4. Taking a unique look at malware and other threats from a holistic perspective, with the goal of detection and mitigation.
  5. Quickly triaging files, scripts, and other malicious code to extract network artifacts.
  6. Evaluating and utilizing threat intelligence to make actionable decisions (open source, paid source, internal telemetry).
  7. Developing and maintaining scripts to interact with internal tooling, query API endpoints, manipulate data, and automate routine work.
  8. Constantly improving your knowledge of the offensive/defensive security community as a whole.

Qualifications & Experience:

  1. The ability to categorize, triage, and analyze network traffic, with demonstrated experience using Wireshark and other systems to isolate anomalous traffic.
  2. Strong analytical and technical skills in Computer Network Operations, Computer Network Defense, and Computer Network Exploitation.
  3. Working knowledge of network-to-application level protocols (TCP, UDP, DNS, TLS, HTTP/S, SMB, etc.).
  4. Experience utilizing a scripting language (preferably Python) to interact with APIs, pivot through and clean data, and parse files. Must also be able to read a script in common scripting languages and understand its functionality.
  5. Demonstrated working knowledge of Unix/Linux, macOS, and Windows systems.
  6. Comfort using Atlassian Suite tooling (Confluence, Bitbucket, and Jira) and functional equivalents.
  7. Experience working with version control using git.
  8. Working knowledge of performing queries using Lucene or KQL in Elasticsearch/Kibana.

An Ideal Candidate Would Also Have:

  1. Experience tracking one or more of the following (over multiple months/years):
    • Actors
    • TTPs
    • Malware Families
    • Malicious Infrastructure
  2. Working knowledge of common file structures (CFB, OOXML, EXE, PDF, etc.) and ability to parse them given tooling.
  3. Expert knowledge in various malware and exploit types.
  4. The ability to write Suricata or Snort rules to be deployed to client networks.
  5. The ability to read and parse reporting for context.
  6. The ability to translate technical vocabulary into meaningful, higher level situational awareness.
  7. Simulating DNS with tooling like INetSim and FakeDNS.
  8. Experience working in an airgapped malware analysis environment.
  9. A Bachelor's degree in Science, Technology, Engineering, Math, or a related field and 2 – 4 years of cyber security experience, or an equivalent combination. A Master's degree would be a plus.
  10. Must possess the highest level of personal integrity, value team success over individual achievement, have the ability to contribute significantly to extending a culture of collaboration, both internally and externally, in order to maintain the superior reputation of Trinity Cyber - and enjoy having fun.

Remote Resident Engineer

Job Description:

Trinity Cyber is a leading developer and provider of advanced cybersecurity technologies and services. Our breakthrough core technology can deeply, quickly, and precisely interrogate and transform Internet sessions, creating a family of products and services. As a secure edge, our system automatically identifies, neutralizes, and transforms malicious Internet traffic in line and at line speed with granularity and precision beyond other cybersecurity technologies. As an API-driven file inspection platform, it delivers sub-second conviction results and metadata to third-party providers like email security and packet capture vendors. It can also deliver rapid file context and content to cybersecurity analysts. Our customers and go-to-market partners are growing and span multiple industries.

Primary Role:

To be a dedicated engineering resource and problem solver supporting a major, multi-national customer (or customers), ensuring Trinity Cyber technology-enabled services are properly installed and configured and that production and service delivery is achieved and maintained. Provide technical and product expertise, design guidance, and troubleshooting support to Customer and Company teams, including being on-call at night and on weekends for emergency customer support. Work closely with Trinity Cyber’s Sales, Customer Support, Analysis and Engineering teams to achieve common goals. This role can be performed remotely and may involve occasional travel.

What You Will Do Includes:

  1. Be the expert on Trinity Cyber’s system supporting the customer. This includes data flow, system health and performance, and system configuration but may also include security posture and threat prevention performance.
  2. Respond as first line of assistance when the customer is unable to solve problems on their own – provide initial root cause analysis for discovered issues. Proactively escalate to appropriate Trinity Cyber staff if the issue cannot be resolved locally.
  3. Assist the customer with day-to-day operational support, systems troubleshooting, and various service enhancements.
  4. Plan for and notify the customer of system software upgrades, including conducting impact analysis. Educate customer on new features.
  5. Be a technical liaison between the customer and Trinity Cyber engineering and analyst teams.
  6. Review designs, documentation, and other changes with appropriate stakeholders within Company and the customer and incorporate improvement feedback.
  7. Use scripting and/or programming skills to automate routine procedures, generate custom data analysis, or provide integration.
  8. Understand customer’s use of, reliance on, and desires of Trinity Cyber’s products and services. Regularly relay this information to the Trinity Cyber product and customer success teams for new feature development and customer care support.
  9. Develop and maintain in-depth technical and product knowledge of Company solutions.
  10. Contribute to development and automation of internal tooling during downtime.

Qualifications & Experience:

An ideal candidate would possess the following combination of skill sets:

  1. MUST be able to program in Python to automate network management.
  2. Able to read and follow C++ code to assist core engineering with trace debugging as required to address customer issues.
  3. Familiarity with multi-developer environments, version control (git), agile configuration management and code review, etc., would be beneficial.
  4. Strong ability to self-prioritize workload based on company objectives, customer requests, and the potential for unforeseen externalities.
  5. Ability to exercise critical thinking and creative problem-solving skills while making reasonable assumptions, including when and how to validate them, when readily available information may be disjointed or missing.
  6. Experience working with customers, consultants and team leads, navigating customer’s internal processes and controls.
  7. Able to digest internal technical findings and present them to the customer in a clear, concise, and tactful manner.
  8. Proven history of effective customer communication under emergency outage conditions.
  9. Able to determine logical and physical traffic flows in complex networking environments.
  10. Familiarity with industry standard security concepts: policy controls, threat prevention, IoCs vs content-based approaches, Mitre ATT&CK framework, etc.
  11. Triage, remediation, and RCA of non-specific customer experience issues.
    1. Clarification, data collection, and hypothesis formation.
    2. Multi-environment PCAP, log, and metrics collection and analysis.
  12. Have a well-rounded understanding of all OSI layers and an in-depth understanding of fundamentals from network to application for major internet protocols and services:
    1. L1, L2, and L3 networking.
    2. Firewalls - multiple vendors, load balancers, and ADCs.
    3. SSL decryption (F5 SSLO, PANW NPB), certificate pinning, CA chain management.
    4. Network applications: HTTP(S) servers and browsers, load balancers, SSH/FTP/SMTP/SNMP/etc. servers and clients.
  13. Use of networking troubleshooting tools: ping, tracert/tracepath, nmap, tcpdump/wireshark, netcat, tcpkali, netstat/ifconfig/arp/arping/iproute2, openssl CLI, iperf, certutil, keytool, etc.
  14. Familiarity with technologies and processes employed by Trinity Cyber: Juniper/Junos (QFX5K), Palo Alto Networks (NGFW, Panorama), Linux (RHEL 7/8/9 derivatives), ELK stack, TIG stack, F5 BIG-IP SSLO/BIG-IQ, Atlassian suite (Jira/Confluence/Bitbucket), Puppet, Foreman, Nautobot, agile development methodologies.
  15. A Bachelor’s Degree in Information Technology or a related field and approximately ten years of industry experience are preferred. In lieu of a degree, a combination of education and related years of work experience that provides the necessary skills and knowledge to perform the essential job functions would be acceptable.

The preferred candidate would also have some of the following knowledge and experience:

  1. Mix of ISP, MS(S)P, data center, campus/wireless, and public cloud experience.
  2. Familiarity with Overlay Networking technologies (EVPN/VXLAN, EVPN/MPLS, VMware NSX-T).
  3. Kubernetes Administration.
  4. Some knowledge of multiple vendors and device types not used by Trinity Cyber but used by our customers (Cisco, Arista, Fortinet, Checkpoint, A10, etc.).

All candidates must possess the highest level of personal integrity, value team success over individual achievement, have the ability to contribute significantly to extending a culture of collaboration, both internally and externally, in order to maintain the superior reputation of Trinity Cyber - and enjoy having fun.