security
Posted 20 hours agoLead Security Engineer
at Qualys
Pune, IndiaRemote
Responsibilities
- Research new and emerging technologies to identify vulnerabilities and exploits.
- Research zero-day and actively attack vulnerabilities to create signatures to identify vulnerable assets.
- Build automation for day-to-day tasks.
Requirements
- Experience and strong knowledge in penetration testing and vulnerability management. Knowledge and hands on
- experience with several types of security vulnerabilities and attacks such as cross-site scripting, privilege escalation, remote code execution.
- Bachelor's in computer science with 5+ years of
- experience in Information Security domain or Masters in Computer Science or Cyber Security. In-depth knowledge of TCP/IP, HTTP, DNS, FTP, SSH, TLS/SSL, and SMTP protocols.
- Experience with scripting languages, including Python and Bash.
- Experience with network analysis tools, analysis of packet captures. System administrator
- experience on Windows or Unix platforms.
- Additional Plus Competencies Understanding of Lua (preferred), or Python Knowledge of Virtualization software (VMWare, Virtual PC/Virtual Box, XEN, etc.).
- Knowledge of container technologies such as Docker and Kubernetes.
- Experience in developing security-related tools/programs. OSCP and similar certifications.
Additional details
- Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! As a Lead Engineer, Security Signatures you will be part of a Qualys Threat Research Unit that is responsible for the research, development, and delivery of emergent vulnerability signatures .
- This opening is your opportunity to work on a unique security solution in the rapidly expanding fields of penetration testing, vulnerability assessments and cyber security.
- Responsibilities Research and create signatures for the Qualys product to detect vulnerabilities in Industrial Control Systems.
- Excellent written and verbal communication skills.
- Experienced in the use of vulnerability scanners, IDS, and multiple security tools.