Job: Network Security “Mad” Scientist in Columbia, MD

Just loved this job req so we had to repost it… Sourcefire is looking for someone to join their team as a network security scientist. It seems like a fantastic opportunity for almost anyone at any skill level. They offer flexible hours and a laid back working environment. Plus, if you can find the time, there’s even support for some personal research on company time as long as your work gets done. Definitely sounds like a fun place to work…

And don’t forget … if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway … on to the job post.


Network Security (Mad) Scientist


Columbia, MD

Company Name


Job Description

Seeking (Mad) Scientists

I love my job.

I’m not just saying that to get you to apply to work with me, either. I’m saying it because, when I’m working on something important for the office, it’s generally fascinating and meaningful at the same time. When I’m not traveling the planet, rolling into parking spaces with my name on them, using science for good and hilariousness at the same time, or collecting aerial photos from my latest airplane seat, I’m back at home, working with the federal government on issues around national cybersecurity policy, talking to important clients at banks, utilities, retailers, manufacturers, and the like who are actually under real, live attack by adversaries as diverse as Anonymous and state-sponsored “real” APT (as in the really good, really smart kind with lots of time and resources, not the “slap these letters on the side of the box to sell more products” kind). One of my co-workers – a former physicist for Johns Hopkins’ Applied Physics Lab, which is 5 minutes from the office – is giving me his beer-making equipment because it’s taking up too much space at his place, and he feels I’m “most likely to make awesome” with it. I am strongly encouraged (and often required) to think in completely novel ways, to ask questions no one has ever asked before, and to push the frontiers of mankind’s understanding of malware, networked communications, and the implications of computer security on 21st-century society, on a regular basis – and am then provided with the resources necessary to actually answer those grand questions. I’ve even got a giant soapbox I’m being pushed to stand atop – a bully pulpit for good and intelligence in the face of chaos and stupidity that is the modern Internet.

The only problem is, I need 48 hours in a day to keep up with all the awesome work I’m doing lately, and I desperately need help – preferably yours, if you meet my requirements below. I need this help ASAP – if I do another year of 100,000 miles on the Star Alliance (I could have flown the Moon by now with my travels since February of 2009), something inside me will die, and then I wouldn’t be any fun to work with any more.

Before you see if you’re qualified, I want you to decide if you’re interested in the sorts of things you’ll be doing if you join me in my role with Sourcefire’s VRT (yes, the ones who work directly with the Snort IDS developers on new features, write the Snort Blog, run the ClamAV project, and push the boundaries of data analysis, distributed infrastructures, and computer science through the Razorback project). Here are some of my goals and projects for 2013:

  • Coordinate team speaking engagements and sales-related travel totalling at least 50 conferences spoken at or attended, and at least 25 countries around the world. Past speaking engagements have included conferences like Defcon, Hack in the Box, CanSecWest, Hackers2Hackers, CARO, Kiwicon, and Ekoparty – where the VRT is likely to be hosting this year’s speaker dinner in a mini-villa complete with grills, a heated pool, and big-screen splendor. Speak at some of the coolest, most interesting conferences on the planet, presenting research that keeps attendees buzzing with how awesome my talk was even after the conferences have finished.
  • Continue providing high-quality content for the weekly SANS @RISK newsletter, which currently boasts a quarter-million subscribers, including some of network seucrity’s most influential professionals. I desperately need more people who can stay on top of breaking news in the space and help separate out the most important new issues impacting the public, in order to ensure that wherever possible detection is created for these new threats, system administrators are assisted in their self-protection efforts, and that people understand the seriousness of the threats they face today.
  • Ensure that at least 75 high-quality posts are published on the VRT blog during the year. These posts will be writeups of interesting findings from everyone on the team, including things like breakdowns of the latest exploit kits, in-depth malware analyses, announcements of newly discovered vulnerabilities (responsibly disclosed and coordinated, of course), observations of the challenges and best practices involved in running a global cloud infrastructure, etc.
  • Help get the VRT Exploit Development Class on the road again, with anticipated stops in Tokyo, Europe, and possibly others.
  • Fully flesh out my newly written Android sandboxing infrastructure, as we work with major cellular carriers to assess, respond to, and mitigate the threats of the rapidly growing sphere of Android malware. This will work in conjuncntion with upgrades to my regular Windows sandbox, which at over 7 million samples analyzed and approaching 3TB of network data captured may be the largest running experiment of its type in the world.
  • Understand and write network-level detection for a wide range of SCADA protocols, such as IEC 60850, Tibco, etc. Fuzz out at least one vulnerability in a SCADA protocol or HMI, attempt to responsibly disclose it to the impacted vendor, and document the process.
  • Work with academia around the world as a consultant on computer-security courses and helping students transition into industry. This includes preparing a guest lecture for Dartmouth (I’ve been invited by a fellow speaker from a conference this year who’s a professor there); working directly with professors at local schools like UMBC and far-flung ones like Politecnico di Milano; and hopefully getting a proper academic paper accepted for publication this year at DIMVA Berlin.
  • Expand the scope and reach of the intelligence-sharing program that I run out of the department, which currently works with approximately 75 Sourcefire customers including government entities, brand-name multinational corporations, universities, etc. This includes interpreting live intelligence data, sometimes from military-industrial sources and providing realtime incident response; confirming, dissecting, and detecting actual zero-day attacks; working with a global network of IDS systems deployed on a diverse set of live environments to improve existing detection and conduct expderiments that may provide radical breakthroughs in the ability to detect malware at a generic level; and presenting the results of my findings in varying levels of detail and secrecy, from directed, exclusive briefings for selected in-the-know partners to global, mass audiences.
  • Work much more closely with Sourcefire’s FireAMP cloud anti-malware group.
  • Continue to push the VRT’s branding dominance globally in conjunction with our awesome marketing team, who do things like give us cash to smash printers Office-Space style, or encourage us to videotape things like filling co-workers’ cubicles with balloons, designing and launching Rocket Pigs, or our hilarious vulnerability reports, which included Photoshop jokes, news ticker hilarity, and some actual serious infosec news while we were at it. This also includes taking advantage of my wife’s newly-acquired art studio space at nearby Savage Mill to design things like our team’s “Viva El Veep!” Che Guevara parody shirts and flag (or, you know, have her design them, since she’s the one who came up with that particular bit of awesome).
  • Have some fun with my spam collection project, and maybe use it for research presentation fodder.

What exactly would you be doing out of all this, you ask? That depends – on your skill level, your enthusiasm, and your interests. I need help with basically every facet of the above, and the more of it you can jump into and hit the ground running, the better. If you can help me hire a second person to work with you as an equal on the team (I’m lead – yes, you’ll be reporting directly to me), or even just anyone who can help fill one of our several open slots on the VRT generally (you can check our corporate jobs listing page, but it’s often out of date given how fast we’re hiring), all three of us will be in a better position to pick and choose exactly what we want to do, how much of it we do, and when we do it. Oh, and yes, you get to keep your frequent flier miles (I’ve traveled extensively with mine for personal pleasure), hotel points, and within reason, hang out in the location that work has flown you to for a while with your spouse/kids/friends/etc. We’ve even got interns we can abuse for fetching breakfast burritos (with coffee, of course), tedial systems administration tasks, and the like.

I’m looking for one or more people who have read all of the above and is/are genuinely excited at the prospect of joining me in 2013 as a network security scientist, whether in an entry-level role or in a more established, mid- to senior-level position. Qualifications will vary depending on the position level being sought; note that they are not 100% hard-and-fast disqualifiers, either, but guidelines to help make sure that we’re on the same page. Successful applicants will include a resume, pointers to or copies of some of their previous work, and a cover letter explaining why they’re suitably awesome for the position. For entry-level applicants, potential and drive are very relevant, even outside of network security specifically; I was lucky enough to get this job in part because of my volunteer work with the Mars Society (whose University Rover Challenge is something I’ll likely be helping with again this year).

All applicants should have the ability to laugh at XKCD (bonus points if you name your favorite panel, and say why it’s your favorite), discuss some branch of science and/or math in reasonable detail, and enjoy playing the role of mad scientist every so often. You will also need to deal with customers directly on a regular basis, so you must be patient and able to handle occasional bits of stupid. Finally, you must also work in the Columbia, MD office (at least 3 days a week for mid- to senior-level folks, full-time for entry-level); sorry, I got burned by people who said they could telecommute last time I tried this, I need either locals or people willing to relocate (which several team members have happily done lately). We make up for this somewhat corporate, boring town by having no dress code beyond “please dress”, flexible hours (as long as your work gets done, we don’t much care), regular “Beer Fridays”, and a corporate culture that includes support for some personal research using company time and resources, provided that you’re still sufficiently awesome at your day job in the process. There is as much opportunity for advancement as you’re interested in and competent to take advantage of. Salaries will of course be dependent on experience, though I can say from personal experience that they’re sufficient to live a comfortable life even in the Baltimore/Washington region, particularly thanks to the company’s generous ESPP and other stock-related programs (we’re FIRE on the NASDAQ, for those who want to do their due diligence). Sourcefire is an equal opportunity employer (of awesome people), and while people with American passports require less paperwork, we’re accepting applications from those legally allowed to work in the United States under any visa – it might just take some time with the lawyers if you’re not a citizen.


Entry-level applicants should possess at least 50% of the following qualities:
  • Systems administration experience (even at the home networking level) with Windows, Linux/BSD, and/or Mac
  • Programming experience in any of C/C++/C#, Perl, Python, Java, Ruby, Bash, Pascal, (Visual) Basic, x86 or RISC Assembly, etc.
  • Android development experience
  • Knowledge of and/or experience with VMware, especially server varieties
  • Solid understanding of networking infrastructure, including switches, firewalls, wireless, etc.; experience with OpenWRT, Wifi Pineapples, or other infrastructure/sniffing tools is a major bonus
  • Public speaking/debate/writing experience sufficient to ensure that you are an eloquent communicator regardless of the medium
  • Ability to speak a language besides English at a functional level (enough to navigate a foreign city in that language and/or read/write it at a reasonable pace with the help of the Internet), with strong preference given to those with reading and writing skills in Russian, Arabic, and/or Chinese (likely Mandarin, other major dialects are cool)
Mid- to senior-level applicants should possess at least 50% of the qualities outlined in this more stringent list:
  • Experience presenting at a network security conference, including local affairs with 50 or more attendees; bonus points if we’ve ever spoken at the same conference, even if it wasn’t the same year
  • One or more published papers in respected network security publications (including major projects’ blogs, like Metasploit’s), including informal write-ups if they are sufficiently detailed.
  • Have documented proof of having discovered a new vulnerability in any product, especially if they worked with the vendor at all on disclosure. Bonus points if you got a CVE for it, or an acknowledgment in the official vendor patch.
  • Experience with automating mundane tasks on a large scale, regardless of language or environment of implementation
  • Experience with the Bugzilla bug tracking suite
  • Experience with the Snort IDS, at least in passing. If you haven’t been responsible for running it or a Sourcefire product somewhere before the interview (including setting it up on a VM at home the night before), you’re disqualified.
  • Strong knowledge of TCP/IP, as well as one or more major protocols that ride atop it like HTTP, DNS, SMTP, etc.
  • Knowledge of Perl-compatible regular expressions, preferably in depth.

About Sourcefire

The Sourcefire VRT® (Vulnerability Research Team) is a group of elite cyber security experts dedicated to serving both Sourcefire commercial customers and open source users. The Sourcefire VRT was founded on one core objective: “Protecting ‘Your’ Network.” While this may sound simplistic, in reality it is quite complex. Every network is different- from the applications running on it, to the users who work on it, to the policies that govern it. This is why the Sourcefire VRT believes that in order to be effective in helping you protect “your” network, we have to be more than just a traditional response organization; we have to be a proactive member of your security ecosystem.

Follow-Up Contact Information

For additional information and to apply, head on over to its requisition.


You can find more career opportunities over on our Job BoardHead on over there for all the details. Today’s post image is from the good folks over at

2 comments for “Job: Network Security “Mad” Scientist in Columbia, MD

  1. April 6, 2013 at 9:04 pm

    BLOGGED: Job: Network Security “Mad” Scientist in Columbia, MD

  2. April 6, 2013 at 9:39 pm

    #Cybersecurity Job: Network Security “Mad” Scientist in Columbia, MD #ITsecurity #Infosec

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.