Job Description

As a Senior Security Engineer, you will be part of a motivated engineering team that is responsible for the research, development, and delivery of vulnerability signatures in the Qualys on-demand security service. This opening is your opportunity to work in the rapidly expanding field of computer security with a company with excellent customer ratings and outstanding growth rates.
Responsibilities:

• Research and create signatures for the Qualys product to detect vulnerabilities in the areas of Databases, Applications, Operating systems, TCP/IP Protocols, and network devices.
• Research new and emerging technologies to identify vulnerabilities and exploits.
• Research Zero-day and actively attack vulnerabilities to create remote signatures to identify vulnerable assets.
• Build automation for day-to-day tasks.
• Participate in code reviews and contribute to the improvement of the overall signature development process.
• Work with our Customer Support and Research teams to troubleshoot and triage customer issues such as false positives and negatives.

Qualifications:

• 4+ years of industry experience in network and systems security.
• In-depth knowledge of TCP/IP, HTTP, FTP, SSH, SSL, and SMTP protocols.
• Knowledge of OWASP top 10 and familiarity with other web-based attacks.
• Experience with scripting languages, including Python and Bash.
• Experience with network analysis tools, and analysis of packet captures.
• Proficient with regular expressions.
• Knowledge of Container Security.
• Knowledge of different Databases (Oracle, DB2 etc.) and Database Administration.
• System administrator experience on Windows or Unix platforms.
• Strong understanding of VPN, Firewalls, and Intrusion detection systems (IDS).
• Excellent written and verbal communication skills.

Additional Plus Competencies:

• Understanding of Lua (preferred), or Java.
• Knowledge of Virtualization software (VMWare, Virtual PC/Virtual Box, XEN, etc.).
• Knowledge of Cloud Platforms (AWS, Azure, Oracle, etc.).
• Knowledge of container technologies such as Docker and Kubernetes.
• Able to handle projects independently.
• Experienced in the use of vulnerability scanners, IDS, and security tools.
• Experience in developing security-related tools/programs.
• OSCP, CISSP, or SANS GIAC certifications.