Cisco ThreatGRID has a senior appliance engineering opening


ThreatGRID* is a dynamic malware analysis platform: Given a suspected malware sample, we spin up an instrumented virtual machine, run that sample (recording syscalls and other behavior from within the VM), and then analyze the observed behavior. We have some senior openings in the team building the appliance version of the product (sold as a box customers can install in their own datacenters).

For the appliance, we use NixOS for our build system; generate signed, read-only filesystem images (I’m working on getting the technical details ready to publish, but it’s inspired by / leans heavily on work done by Google for ChromeOS); and our shipping product ships a Nix store with components that aren’t shared in common with the cloud product (while following the cloud’s platform choices elsewhere). We’re very big on making pragmatic use of functional programming – large parts of the core application are written in Clojure – while the larger stack is quite heterogeneous (lots of Go).

There are two QA labs, one in Austin and another in Calgary; but being located near one is not a requirement – our team is historically distributed within the US and Canada; there are good tools for remote access to the lab hardware, and staff available when hands-and-eyes are needed.

If the above sounds like an interesting/fun stack, and you have experience building or working with cluster management automation (multiple appliances can be clustered together into a higher-capacity unit) or otherwise a background that’s appropriate to building self-maintaining systems (including a strong command of Linux behavior at boot time and under-the-hood: our boot chain includes a stage-1 built from NixOS’s initramfs – though a rewrite in Go or Rust would be welcome some day – and debugging customer escalations often involves syscall-level tracing), I’d love to hear from you! Submissions made through Cisco Jobs will reach me promptly, or folks are welcome to reach out out-of-band for more details.

(*) Formally, the product is now “Cisco Secure Malware Analytics Appliance”, but for old-timers it’s still ThreatGRID.