Senior Web Application Security Signature Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Responsibilities

In this position, you will primarily be researching and implementing detections for vulnerabilities on all the latest web application technologies. You will also be expected to fine-tune existing logic and payloads to detect vulnerabilities and CVEs with zero false positives for the Qualys Web Application Security product. Efficient problem-solving and troubleshooting skills are necessary, as well as using the latest tools in the industry.

Required Skills:

3-5 years of industry experience in web application security
Create exploits, proof-of-concept for web application vulnerabilities
Strong JavaScript programming skills
Knowledge of HTTP protocol (Requests, responses, Cookies, etc.)
Understanding of web application vulnerabilities, OWASP top 10 in Web Applications, API, and LLMs
Exposure to DAST/Black Box tools
Web application security scanning tools like BURP/ZAP, SQLMap, CURL

Experience with network analysis tools and analysis of packet captures.
Proficient with regular expressions.
System administrator experience on Windows or Unix platforms.
Strong analytical and problem-solving skills
Passion for web security and attention to detail

Experience with scripting languages, including Python and Bash
Exposure to JAVA programming

Experience with selenium, postman scripting

Experience with Metasploit/Nessus exploits (especially HTTP-related )

Experience with web application firewalls (WAF) rules, Mod Security
Exposure to WEB 2.0, XML/XPath, JSON, Swagger
Database/SQL knowledge
Experienced in the use of various scanners and open-source security tools.
Experience in developing security-related tools/programs.
Ability to work independently
Published research
Security certifications