Logo
Qualys

Sr. Security Signature Engineer

Qualys, Jackson, Mississippi, United States,


Sr. Security Signature Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!As a Sr. Security Signature Engineer you will be part of an engineering team that is responsible for the research, development and delivery of compliance signatures for product - Policy Compliance (PC). In this team you will work on numerous security standards like CIS, NIST, DISA, PCI-DSS and help customers assess the database configurations and compliance.Responsibilities:Research and Develop signatures to identify non-compliant OS security settings in the areas of Unix/Linux, Windows, Application Software that will be processed by the Qualys engine to collect data from target machines that are being audited.Hardening and Configuration of end-points, ranging from Operating systems to Database to Application software such as Apache Http Server, Microsoft IIS, Oracle DB, etc.Provide subject matter expertise to internal core engineering and infrastructure teams.Qualifications:BS/MS in Computer Science or a related field with 3+ years experience.Strong understanding of common protocols such as HTTP(s), TCP/IP, SSH, DNS, TLS/SSL.Proficient in Shell and Python scripting language, knowledge of programming in the Unix/Linux/windows environment.Proficient in Regular Expressions.Experience with installation, configuration and administration of applications on Windows/Linux/Unix platforms such as MS office, MS IIS, Apache Tomcat, Docker, Kubernetes.Windows system administration experience including system configuration and in-depth under the hood working of: Local security Policy, Domain Security Policy, WMI, GPO, User Account Control, User Rights, Account policy, Audit policy, Event Log, Windows Firewall, Updates and various security Options.UNIX system administration experience including system configuration and in-depth under the hood working of: Secure Boot Settings, TCP Wrappers, IPtables, Logging and Auditing, syslog, auditd, logrotate, cron, PAM, File permissions, user and group settings.Experience with administration of network device technologies such as Cisco/Juniper/Aruba.Experience of working with SVN, GIT and bug tracking tools (JIRA).Pluses:Knowledge on Security benchmarks like CIS or SCCM, DISA and STIG.Knowledge of Cloud Platforms (AWS, Azure, GCP, etc.).Understanding of Lua.Familiarity with Packet Capturing and Analysis.Knowledge of Security techniques.

#J-18808-Ljbffr