Job Description

• Pune

Responsibilities
In this position, you will primarily be researching, and developing, new signatures, fine-tuning existing signatures and payloads to detect vulnerabilities and CVEs with zero false positives for the Qualys Web Application Security product. Outstanding problem-solving and troubleshooting skills are a must, as solutions to many problems might not be obvious. 

Required Skills:

* 3 years of industry experience in web application security

* Create exploits, proof-of-concept for web application vulnerabilities

* Research and publish new vulnerabilities

* Strong JavaScript programming skills 

* Knowledge of HTTP protocol (Requests, responses, Cookies, etc.) 

* Understanding of web application vulnerabilities, OWASP top 10

* Exposure to DAST/BlackBox tools

* Web application security scanning tools like BURP/ZAP, SQLMap, CURL

* Experience with network analysis tools, and analysis of packet captures.
* Proficient with regular expressions.

* System administrator experience on Windows or Unix platforms.  
* Strong analytical and problem-solving skills

* Strong attention to details

* Passion for web security

* Team player

* Ability to work independently and self-learnerGood to have
* Experience with scripting languages, including Python and Bash  
* Understanding of JAVA programming  
* Experience with selenium, postman scripting
* Experience with Metasploit/Nessus exploits (especially HTTP-related)

* Experience with web application firewalls (WAF) rules, ModSecurity

* Exposure to WEB 2.0, XML/XPath, JSON, Swagger 

* Database/SQL knowledge

* Experienced in the use of various scanners and open-source security tools.

* Experience in developing security-related tools/programs.
* NMAP, experience/knowledge of NASL or NSE scripts, Certifications like CEH or OSCP