Information Security Co-op
We're looking for smart, motivated individuals to help us in our efforts to keep systems safe. Become a part of the team responsible for literally thousands of computers, all of which are under constant attack from the internet. We need skilled people to help analyze emerging threats, detect hacking attempts, respond to machine compromises, and assist in analyzing the deluge of alerts to find and neutralize real threats on the network. Learn how malware threatens infrastructure, help design and monitor systems to track hackers and learn their techniques. Assist in incident response and digital forensics by doing detective work on compromised systems to find out how they were hacked, and how to lock the bad guys out. Construct firewalls and intrusion detection systems to alert administrators to threats. Look at live systems to find security vulnerabilities - hack the systems and develop fixes to vulnerabilities to better protect servers and applications. Don't just read about the latest virus or 0-day exploit - download the code, test and analyze it to truly understand it. Training will be provided, however prior knowledge of some fields is required. Experience in any of the following skill sets is desirable: linux/unix system administration, c/php/perl/python/shell programming, SQL, firewalls, cryptography, virtualization, tcp/ip networking.
Typical projects our co-ops work on range from intrusion detection system monitoring and incident response to security software and exploit development. The co-op opportunity in ISUS allows interns to become a full fledged member of our security team. We're seeking bright, self motivated individuals capable of carrying out guided tasks as well as designing their own research. From running a honey pot and analyzing attack patterns to investigating malware propagation, the co-op is expected to come up with interesting, unique, experiments and projects to benefit ISUS and the Penn community. We strongly encourage open source research and try to contribute our findings back to the community.
The hardest step in a career in information security is your first job. Experience counts in this field and it's tough to find a position without having already had a job in infosec. The ISUS co-op opportunity will give you the experience and knowledge necessary to enter the exciting, dynamic, and challenging field of information security. The University of Pennsylvania is committed to educating the next generation of information security workers to meet the growing global demand. Become part of one of the most exciting fields in modern computing by joining our team.
- Understanding of Linux and Unix environments including the BASH shell, system configuration, service management, compiling binaries from source, file manipulation and log management. Ability to use Linux at the command line is essential.
- Programming competence in at least one of the following languages: C, Java, PHP, Perl, Python. Projects cover several different languages and the coop must be able to learn new languages and adapt to new frameworks and APIs. Familiarity with MVC design, object oriented programming as well as proceedural programming required.
- Some experience with a RDBMS and basic understanding of SQL.
- Understanding of networking, specifically TCP/IP protocols.
- Basic understanding of and some familiarity with encryption.
The information security co-op is responsible for a number of day to day tasks that support the information security and unix systems (ISUS) group. These include, but are not limited to:
- Maintaining situational awareness including following up on new vulnerability and exploit announcements culled from mailing lists and news sources.
- Monitoring intrusion detection system (IDS) alerts and investigating suspicious activity. This task includes coordinating with other ISUS staff to deploy and tune the IDS and responses. This task helps familiarize the co-op with our infrastructure as well as common threats facing the University systems.
- Assisting in product evaluation. This includes both open and closed source product deployment, staging, and testing. Often this involves writing best practice documentation or other reports. In the past this has also included assisting in developing custom installation scripts and MSI packages.
- Security code review and penetration testing of products proposed for installation on central servers. This process involves auditing code for vulnerabilities, reporting problems to vendors, tracking response, and releasing findings to the Full Disclosure mailing list. See http://www.securityfocus.com/archive/1/508586/30/120/threaded for an example of a software vulnerability discovered by one of our coops, Martin Barbella.
- Assisting in application development by helping ISUS programmers develop and maintain security related software for management, incident tracking, intrusion detection and metrics gathering.
- The co-op is also a vital part of the ISUS incident response team. Whenever an information security incident is detected the co-op will help with the analysis, response, and mitigation that follows. This involves digital forensics and analysis, brainstorming solutions, and examining failures in current information security architecture.
What We'll Provide
Training is also provided to the co-op. This usually involves weekly lecture style learning as well as project exercises. These exercises are designed to be carried out independently by the co-op. They usually involve a capture the flag type scenario where the supervisor sets up a testing environment and the co-op is expected to discover, analyze and exploit vulnerabilities in that environment. Once the exercise is complete the co-op must present an analysis of the problems in the target systems and discuss potential solutions or mitigation to the types of vulnerabilities presented in the exercise. Through these exercises you'll learn:
- TCP/IP protocol weaknesses, common vulnreabilities, and how to exploit these as well as detect and defend against attackers using these techniques.
- Web application flaws and how attackers can use them to take over a web server.
- How encryption can be used to hide secrets and verify the authenticity of communications.
- Reverse engineering security patches to discover unpublished exploits in code.
- Weaponizing vulnerability exploits to demonstrate impacts on real world software deployments.
- Threat modeling to determine how best to defend assets.
- Use of virtualization for product testing and malware analysis.
- And much, much, more.
Our next hiring cycle corresponds to the Drexel University coop hiring schedule. More information can be found at http://www.drexel.edu/scdc/events/emp-coop-calendar.html.