Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
As a Security Signature Engineer, you will be part of a motivated engineering team that is responsible for the research, development, and delivery of vulnerability signatures in the Qualys on-demand security service. This opening is your opportunity to work in the rapidly expanding field of computer security with a company with excellent customer ratings and outstanding growth rates.
Responsibilities:
Research and create signatures for the Qualys product to detect vulnerabilities in the areas of Databases, Applications, Operating systems, TCP/IP Protocols, and network devices.
Research new and emerging technologies to identify vulnerabilities and exploits.
Research Zero-day and actively attack vulnerabilities to create remote signatures to identify vulnerable assets.
Build automation for day-to-day tasks.
Participate in code reviews and contribute to the improvement of the overall signature development process.
Work with our Customer Support and Research teams to troubleshoot and triage customer issues such as false positives and false negatives.
Qualifications:
3+ years of industry experience in network and systems security.
In-depth knowledge of TCP/IP, HTTP, FTP, SSH, SSL, and SMTP protocols.
Knowledge of OWASP top 10 and familiarity with other web-based attacks.
Experience with scripting languages, including Python and Bash.
Experience with network analysis tools, and analysis of packet captures.
Proficient with regular expressions.
Knowledge of Container Security.
Knowledge of different Databases (Oracle, DB2 etc.) and Database Administration.
System administrator experience on Windows or Unix platforms.
Strong understanding of VPN, Firewalls, and Intrusion detection systems (IDS).
Excellent written and verbal communication skills.
Additional Plus Competencies:
Understanding of Lua (preferred), or Java.
Knowledge of Virtualization software (VMWare, Virtual PC/Virtual Box, XEN, etc.).
Knowledge of Cloud Platforms (AWS, Azure, Oracle, etc.).
Knowledge of container technologies such as Docker and Kubernetes.
Able to handle projects independently.
Experienced in the use of vulnerability scanners, IDS, and security tools.
Experience in developing security-related tools/programs.
OSCP, CISSP, or SANS GIAC certifications.
Top Skills
What We Do
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com