
Tetragon Threat Detection Engineer - Isovalent

Cisco Systems, Inc., Berkeley, CA, United States


About this role:
Cilium Tetragon is a flexible, Kubernetes-aware security tool that provides real-time observability and enforcement. Built on eBPF, Tetragon runs in the kernel with low overhead and strengthens security posture by monitoring system behaviour such as process executions, system call activity, and network and file access events.

Tetragon Threat Detection Engineers primarily focus on creating and maintaining Tetragon runtime security policies, based on the latest threat intelligence, vulnerability disclosures, and their own research.

Policies can act either as a mitigation for known vulnerabilities or as monitoring of, and protection against, unknown security issues.
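To make concrete what such a policy looks like, the following Tetragon TracingPolicy is an added illustration; it is not part of the job posting and is not Isovalent's or Cisco's code. It hooks the kernel's security_file_permission() LSM hook, reports write attempts under /etc, and kills the writing process. The hook name, argument types and selector fields follow the upstream Tetragon policy documentation; the policy name and the /etc path filter are illustrative choices.

```yaml
# Added example (not from the job posting): a Tetragon TracingPolicy that
# hooks security_file_permission(), posts an event for writes under /etc,
# and kills the offending process. Hook, arg types and selector syntax are
# from the upstream Tetragon docs; the name and path filter are illustrative.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "etc-write-enforcement"
spec:
  kprobes:
  - call: "security_file_permission"
    syscall: false          # a kernel function, not a syscall entry point
    return: true            # also hook the return so the result is reported
    args:
    - index: 0
      type: "file"          # struct file *: Tetragon resolves it to a path
    - index: 1
      type: "int"           # access mask: 0x02 = MAY_WRITE, 0x04 = MAY_READ
    returnArg:
      index: 0
      type: "int"
    returnArgAction: "Post"
    selectors:
    - matchArgs:
      - index: 0
        operator: "Prefix"  # path filter on the resolved file
        values:
        - "/etc/"
      - index: 1
        operator: "Equal"
        values:
        - "2"               # MAY_WRITE only; reads under /etc are ignored
      matchActions:
      - action: Sigkill     # enforcement: remove this to run in monitor-only mode
```

Without the matchActions block the same policy is pure monitoring (an event per matching write); adding Sigkill turns it into a mitigation. In practice a policy like this is rolled out in monitor-only mode first and scoped with additional selectors (for example matchBinaries or matchNamespaces) so that legitimate writers such as package managers are excluded before enforcement is enabled.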

What you’ll do:

Develop and maintain Tetragon runtime security policies to ensure customers have good visibility of suspicious activity on their infrastructure and are protected against the latest emerging threats

Help design frameworks and architectures that allow customers to easily consume policies and understand their overall security posture

Monitor vulnerability disclosures (CVEs) and the latest threat intelligence to develop Tetragon runtime security policies

Work with software engineers at Isovalent and Cisco to improve and enhance the capabilities of Tetragon security policies

Interact with solution architects and customers as necessary to support and deploy Tetragon security policies in production

Publish content and give talks based on your work

Minimum Qualifications:

3+ years of experience in threat and/or vulnerability research

3+ years of experience in developing security detections at scale, for use in a wide range of environments

3+ years of experience working on Linux system security (e.g., capabilities, LSMs)

Good communication skills, both written and verbal

Preferred Qualifications:

Experience with eBPF (extended Berkeley Packet Filter) and its applications in security

Experience with the cloud-native ecosystem (containers, Kubernetes, etc.) and its Linux underpinnings (e.g., cgroups, namespaces)
