Lead Threat Research Engineer

Pune, Mahārāshtra, IND
In-Office
Senior level
Information Technology • Security • Cybersecurity
The Role
The Lead Threat Research Engineer will analyze emerging cyber threats, produce research, develop detection tools, and collaborate with teams to enhance cybersecurity measures.
Summary Generated by Built In

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Qualys is looking for threat researchers who can leverage their experience and expertise to identify and analyze threats, produce original research publications, and work with engineering teams to provide feedback and related insights into a multitude of Qualys products.
You will be a member of the Qualys Threat Research Team, a team of security researchers working together to solve security challenges using new and innovative methods. The team is responsible for leading and conducting research related to adversary attack tactics and techniques, threat actor groups and campaign activity. The primary output of the Threat Research Team is security content for Qualys products, blog posts, and conference presentations, produced by researching the latest tactics, techniques, and procedures leveraged by adversaries. The Threat Research Team also works closely with the security, malware research, product, and engineering teams to develop novel protection strategies against emerging cybersecurity threats.

Responsibilities:
Monitor, analyze and research emerging cyber threats, vulnerabilities, and exploits to identify novel TTPs and their related mitigations.
Produce and test rules for hunting and enrichment (YARA, etc.).
Analyze the threat attack life cycle, including its behavior, modus operandi and objectives.
Follow an exhaustive approach involving intelligence collection, signature creation, and initial malware analysis.
Research new methods and technologies to detect cyber threats, identify signals, and design approaches to use these signals to identify security threats and security breaches.
Develop tools to automate and scale detection and response activities.
Write detailed technical blog posts about the threats and TTPs discovered.
Collaborate with other teams in developing and adding cross-product intelligence.
Educational Qualifications:
E./B.Tech/M.Tech Computer Science/MCA/MCS from a reputed institution.
Certifications in Computer Security domains are desired.
Experience:
7 years of relevant technical experience.
Technical Qualifications:
Expertise in MITRE ATT&CK and EDR/XDR technologies.
Experience with threat hunting, incident response, or security operations
Experience with common threat intelligence tools, such as VirusTotal, Shodan, etc.
Understanding of security controls, forensics, kill chain analysis, risk assessment and security metrics.
Ability to perform initial static and dynamic malware analysis.
Understanding of reverse engineering techniques.
Knowledge of networking and the TCP/IP stack.
Knowledge of programming or scripting languages.
Knowledge of networking protocols and application file formats like PDF, Office files, and operating system internals.
Soft Skills:
Excellent written and verbal communication.
'Can-do' attitude and great problem-solving skills.
Adapt to changing priorities and quickly come up with innovative solutions.
Take initiative and work with minimal supervision.
Act as a go-to person for your area of expertise.

Skills Required

  • 7 years of relevant technical experience
  • Expertise in MITRE ATT&CK and EDR/XDR technologies
  • Experience with threat hunting, incident response, or security operations
  • Understanding of security controls, forensics, kill chain analysis, risk assessment and security metrics
  • Ability to perform initial static and dynamic malware analysis
  • Understanding of reverse engineering techniques
  • Knowledge of networking and the TCP/IP stack
  • Knowledge of programming or scripting languages
  • Knowledge of networking protocols and application file formats

Qualys Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Qualys and has not been reviewed or approved by Qualys.

  • Affordable Benefits: Benefits costs are widely viewed as low for employees and dependents, with healthcare often described as almost fully paid for. Feedback suggests this affordability helps offset perceptions of lower base pay in some roles.
  • Healthcare Strength: Healthcare offerings are broad, including multiple medical plan options, dental and vision coverage, mental health support, and disability insurance. Benefits are described as “pretty amazing” or “great,” reinforcing perceived quality and coverage depth.
  • Equity Value & Accessibility: Equity participation is accessible through company stock plans and an employee stock purchase plan. Compensation packages commonly include equity alongside salary and bonus, which some consider a meaningful part of total rewards.

The Company
2,736 Employees
Year Founded: 1999

What We Do

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings. The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com
