Qualys - Web Applications Security Engineer

Responsibilities :

In this position, you will primarily be researching and implementing detections for vulnerabilities on all the latest web application technologies.

You will also be expected to fine-tune existing logic and payloads to detect vulnerabilities and CVEs with zero false positives for the Qualys Web Application Security product.

Efficient problem-solving and troubleshooting skills are necessary, as well as using the latest tools in the industry.

Required Skills :

• 3-5 years of industry experience in web application security
• Create exploits, proof-of-concept for web application vulnerabilities
• Strong JavaScript programming skills
• Knowledge of HTTP protocol (Requests, responses, Cookies, etc.)
• Understanding of web application vulnerabilities, OWASP top 10 in Web Applications, API, and LLMs
• Exposure to DAST / BlackBox tools
• Web application security scanning tools like BURP / ZAP, SQLMap, CURL
• Experience with network analysis tools and analysis of packet captures.
• Proficient with regular expressions.
• System administrator experience on Windows or Unix platforms.
• Strong analytical and problem-solving skills
• Passion for web security and attention to detail
• Experience with scripting languages, including Python and Bash
• Exposure to JAVA programming
• Experience with selenium, postman scripting
• Experience with Metasploit / Nessus exploits (especially HTTP-related )
• Experience with web application firewalls (WAF) rules, ModSecurity
• Exposure to WEB 2.0, XML / XPath, JSON, Swagger
• Database / SQL knowledge
• Experienced in the use of various scanners and open-source security tools.
• Experience in developing security-related tools / programs.
• Ability to work independently
• Published research
• Security certifications

(ref : hirist.tech)