Web Application Security Signatures Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Responsibilities 
In this position, you will primarily be researching and implementing detections for vulnerabilities on all the latest web application technologies. You will also be expected to fine-tune existing logic and payloads to detect vulnerabilities and CVEs with zero false positives for the Qualys Web Application Security product. Efficient problem-solving and troubleshooting skills are necessary, as well as using the latest tools in the industry.

Required Skills: 
 
* 3-5 years of industry experience in web application security 

* Create exploits, proof-of-concept for web application vulnerabilities 

* Strong JavaScript programming skills 

 * Knowledge of HTTP protocol (Requests, responses, Cookies, etc.)  

* Understanding of web application vulnerabilities, OWASP top 10 in Web Applications, API, and LLMs 

* Exposure to DAST/BlackBox tools 

* Web application security scanning tools like BURP/ZAP, SQLMap, CURL 

* Experience with network analysis tools and analysis of packet captures. 

* Proficient with regular expressions. 

* System administrator experience on Windows or Unix platforms.   

* Strong analytical and problem-solving skills 

* Passion for web security and attention to detail

* Experience with scripting languages, including Python and Bash   

* Exposure to JAVA programming   

* Experience with selenium, postman scripting 

* Experience with Metasploit/Nessus exploits (especially HTTP-related ) 

* Experience with web application firewalls (WAF) rules, ModSecurity 

* Exposure to WEB 2.0, XML/XPath, JSON, Swagger  

* Database/SQL knowledge 

* Experienced in the use of various scanners and open-source security tools. 

* Experience in developing security-related tools/programs. 

* Ability to work independently 

* Published research  

* Security certifications