Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable organizations of all sizes to easily and cost-effectively ensure that their business technology systems remain highly secure and within regulatory compliance.
Description:
As a QA Security Engineer you will be part of a motivated engineering team that is responsible for ensuring the quality of the QualysGuard on demand security service. This opening is your chance to work in the rapidly expanding field of computer security, in a pre-IPO company with excellent customer ratings and outstanding growth rates.
Responsibilities
Perform ad-hoc and automated security assessments of the QualysGuard Web Applications as well as the Scanner Engine and Appliance. Develop and run automated tests for web application security testing, penetration testing, security assessment and compliance testing. Analyze results and document findings with automated daily web-based test reports. Bug analysis to reproduce and isolate faults, and perform root cause investigation.
Qualifications:
* Bachelors degree with at least 3 years experience with QA process and methodology
* 1 year of web application security testing with different browsers
* Experience with port scanners like nmap as well as vulnerability assessment tools like nessus
* Experience with Apache web server and web application development
* Must be proficient with HTML, Javascript, XML, HTTP and HTTPS protocols
* Knowledge of relational databases - Oracle 9i and above
* Recent programming experience with one or more of C, SQL, shell and perl required
* Must be a critical thinker with excellent verbal and written skills
Additional Plus Competencies:
* PHP programming a plus
* Security related certifications like CISSP, CEH, etc
* Application Security testing experience with tools such as WebInspect, Kavado, WatchFire, Spike Proxy
* Vulnerability scanning experience with tools like nessus, eEye Retina, ISS Security Scanner
* TCP/IP and network knowledge and troubleshooting
* Network troubleshooting
* Fluent in English and Chinese