You will be part of a team producing network security intelligence and countermeasures for the benefit of Qualys customers and the Internet community at large. If you worked here last week, you might have: written and tested several WAF rules, researched a web application to create a tailored security profile, and identified potential performance and accuracy improvements in existing security detection logic. Please note that this is a full-time position in Madison, WI in the United States.
Keep up-to-date with the application security landscape
Track new vulnerabilities, creating security logic to accurately detect and prevent attacks
Research known security issues in web applications, frameworks, and other relevant web stack components (such as web and database servers)
Build sets of generic and application specific inspection logic
Monitor inspection systems for performance and accuracy
Research and test methods to increase performance and detection accuracy
BSc in Computer Science, or a similar degree
Ability to work independently and efficiently, getting things done
Good communicator, with fluent English and excellent verbal and writing skills.
A deep understanding of how the Internet works is essential. You must be familiar with networking protocols—for example DNS, TCP/IP, SSL/TLS, and others
In-depth knowledge of HTTP and the related standards and specifications
Reasonable programming skills, especially when it comes to scripting and automation - you should be able to write small programs to automate your activities
Penetration testing experiance
WAF/IDS signature design and maintenance
Qualys - 20 months ago