Application Security Research Engineer
Qualys 8 reviews - La Défense (92)

This job posting is no longer available on Qualys. Find similar jobs:Application Security Research Engineer jobs - Qualys jobs

This is a rare opportunity to work in a fulfilling role as part of a small team that is breaking new ground in the application security space. Qualys is an exciting - and now public - company with excellent customer ratings and outstanding growth rates. Please note that this is a full-time position in Madison, WI in the United States.


Gather, research, and categorize existing application security knowledge and tools

Keep up-to-date with the application security landscape

Research known security issues in web applications, frameworks, and other relevant web stack components (such as web and database servers)

Research and discover new application security issues, attack and defense techniques

Publish whitepapers and present at security conferences

Design security detection logic for IronBee

Write IronBee rules and signatures


BSc in Computer Science, or a similar degree

Ability to work independently and efficiently, getting things done

Good communicator, with fluent English and excellent verbal and writing skills.

A deep understanding of how the Internet works is essential. You must be familiar with networking protocols—for example DNS, TCP/IP, SSL/TLS, and others

In-depth knowledge of HTTP and the related standards and specifications

Up-to-date knowledge (sufficient to perform source code assessments and understand the security issues) of HTML, JavaScript, Flash, and other client-side technologies

Reasonable programming skills, especially when it comes to scripting. You should be able to write small programs to automate your activities or mine data.

Good understand of cryptography and secure programming

Ability to work on Unix as a primary platform; Windows as secondary

Ability to think like an attacker yet operate as a defender

Additional Plus Competencies

Developer experience - enough to read code in order to understand how an attack functions

Experience in web application developmentExperience in application penetration testing, intrusion detection and prevention systems, or web application firewalls

Exposure to open source, application security communities, and OWASP

Familiarity with data structures, statistics, and machine learning

About this company
8 reviews
Qualys, Inc. is the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions. Qualys solutions...