Responsibilities
In this position, you will primarily research and develop new signatures and fine-tune existing signatures and payloads to detect vulnerabilities and CVEs with zero false positives for the Qualys Web Application Security product. Outstanding problem-solving and troubleshooting skills are a must, as solutions to many problems might not be obvious.
Required Skills:
* 3 years of industry experience in web application security
* Create exploits, proof-of-concept for web application vulnerabilities
* Research and publish new vulnerabilities
* Strong JavaScript programming skills
* Knowledge of the HTTP protocol (requests, responses, cookies, etc.)
* Understanding of web application vulnerabilities, OWASP top 10
* Exposure to DAST/BlackBox tools
* Web application security scanning tools like Burp/ZAP, sqlmap, curl
* Experience with network analysis tools and analysis of packet captures.
* Proficient with regular expressions.
* System administrator experience on Windows or Unix platforms.
* Strong analytical and problem-solving skills
* Strong attention to detail
* Passion for web security
* Team player
* Self-learner with the ability to work independently
Good to have:
* Experience with scripting languages, including Python and Bash
* Understanding of Java programming
* Experience with Selenium, Postman scripting
* Experience with Metasploit/Nessus exploits (especially HTTP-related)
* Experience with web application firewall (WAF) rules, ModSecurity
* Exposure to Web 2.0, XML/XPath, JSON, Swagger
* Database/SQL knowledge
* Experienced in the use of various scanners and open-source security tools.
* Experience in developing security-related tools/programs.
* Nmap; experience with or knowledge of NASL or NSE scripts; certifications like CEH or OSCP