Q
Senior Security Research Engineer
full-time•Pune
About this role
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Responsibilities:
Research, analyze, and assess attack surface and vulnerability data
Develop tailored and actionable mitigation strategies and plans to address vulnerability risk
Work with new and emerging vulnerability data to identify potential attack paths in critical systems.
Document, develop and present mitigation strategies in web applications, databases, standalone applications, etc.
Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation
Provide mitigation strategies that prioritize risk against level of effort for multiple systems or organizations
Catalog mitigation advice, challenges, and trends and patterns
Patch diffing and reverse engineering with tools such as Ghidra, IDA, etc.
Provide subject matter expertise on tailored mitigations to resolve and remediate vulnerabilities on targeted technologies
Work in fast-paced startup like environment with shifting priorities to handle and maintain balance with multiple stakeholders.
Conduct research to assess and create software patches and configuration changes to be applied to varied software, middleware and hardware
Provide assessment including security, system, and business impact of vulnerabilities
Must be able to think ahead to avoid business outages based on the lab results
Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, and reporting
Desired Skills:
Excellent understanding of network, system and application security
Experience with IDA Pro, Ghidra, or similar binary analysis tool
Knowledge of various vulnerability scanning solutions is a plus
Excellent written and verbal communication
Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background
Secure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigate risk
A solid understanding of industry best practices for Patch Management
Specific demonstrated experience mapping business processes and comparing those processes to industry best practices
Background around using or understanding of security tools would be plus
Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems
Thorough testing of patches in a non-production environment
Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS
Should have very good communication and articulation skills
Ability and ready to learn new technology and should be a good team player
What you get to do:
Work within Threat Research, detection and response teams and analysts to define the priority, design the solution, and contribute to build framework for patching vulnerabilities
What you'll do
- Responsibilities include researching, analyzing, and assessing attack surface and vulnerability data to develop tailored mitigation strategies for risks in critical systems. This involves documenting, developing, and presenting these strategies across various platforms like web applications and databases, while analyzing root causes and prioritizing mitigations.
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices.
Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Ready to join Qualys?
Take the next step in your career journey
Frequently Asked Questions
What does a Senior Security Research Engineer do at Qualys?
As a Senior Security Research Engineer at Qualys, you will: responsibilities include researching, analyzing, and assessing attack surface and vulnerability data to develop tailored mitigation strategies for risks in critical systems. This involves documenting, developing, and presenting these strategies across various platforms like web applications and databases, while analyzing root causes and prioritizing mitigations..
Is the Senior Security Research Engineer position at Qualys remote?
The Senior Security Research Engineer position at Qualys is based in Pune, India. Contact the company through Clera for specific work arrangement details.
How do I apply for the Senior Security Research Engineer position at Qualys?
You can apply for the Senior Security Research Engineer position at Qualysdirectly through Clera. Click the "Apply Now" button above to start your application. Clera's AI-powered platform will help match your profile with this opportunity and guide you through the application process.