In this position, you will primarily be researching and implementing detections for vulnerabilities on all the latest web application technologies.

You will also be expected to fine-tune existing logic and payloads to detect vulnerabilities and CVEs with zero false positives for the Qualys Web Application Security product.

Efficient problem-solving and troubleshooting skills are necessary, as well as using the latest tools in the industry.

Required Skills :

- 3-5 years of industry experience in web application security

- Create exploits, proof-of-concept for web application vulnerabilities

- Strong JavaScript programming skills

- Knowledge of HTTP protocol (Requests, responses, Cookies, etc.)

- Understanding of web application vulnerabilities, OWASP top 10 in Web Applications, API, and LLMs

- Exposure to DAST/BlackBox tools

- Web application security scanning tools like BURP/ZAP, SQLMap, CURL

- Experience with network analysis tools and analysis of packet captures.

- Proficient with regular expressions.

- System administrator experience on Windows or Unix platforms.

- Strong analytical and problem-solving skills

- Passion for web security and attention to detail

- Experience with scripting languages, including Python and Bash

- Exposure to JAVA programming

- Experience with selenium, postman scripting

- Experience with Metasploit/Nessus exploits (especially HTTP-related )

- Experience with web application firewalls (WAF) rules, ModSecurity

- Exposure to WEB 2.0, XML/XPath, JSON, Swagger

- Database/SQL knowledge

- Experienced in the use of various scanners and open-source security tools.

- Experience in developing security-related tools/programs.

- Ability to work independently

- Published research

- Security certifications