Senior Security Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

As a Senior Security Engineer at Qualys, you will play a critical role within our Cyber Fusion Center, driving the design, engineering, and optimization of our defense platforms while leading key initiatives in security engineering, threat detection, and incident response to elevate our platform and corporate security monitoring capabilities.

You will lead the Incident Response (IR) program during US hours, coordinating with SecOps, Legal, and other internal teams at Qualys based on the nature of each incident. You will serve as the primary point of contact for customer communications, initiate external investigations when necessary, and drive the end-to-end IR process to ensure timely and effective resolution.

Key Responsibilities:

Defense Engineering & Automation

• Design, onboard, and normalize data sources into the Elastic SIEM platform.
• Engineer and optimize log ingestion pipelines to improve search performance and query efficiency.
• Develop advanced detection rules mapped to the MITRE ATT&CK framework.
• Continuously tune detection logic to minimize false positives and enhance signal-to-noise ratio.
• Leverage scripting languages (Python, PowerShell, Bash) to automate evidence collection, enrich alerts, and streamline repetitive tasks.
• Integrate threat intelligence feeds into SIEM/SOAR workflows to support proactive detection and response.

Incident Response Support:

• Engage in technical investigations
• Lead and support technical investigations during security incidents across the enterprise.
• Build and deploy automated response playbooks within SOAR platforms.
• Collaborate with Legal, Compliance, and Customer teams during incident response cycles, ensuring consistent communication and transparency.
• Generate comprehensive technical incident reports for internal and external stakeholders.

Qualifications

Required Experience:

• 5–8 years of experience in security engineering, incident response, or SOC operations.
• Proven hands-on experience with:
  • SIEM, SOAR, and EDR/XDR platforms.
  • Log management and threat intelligence integration.
• Demonstrated ability to lead technical investigations and respond to complex security incidents.

Technical Skills:

• Deep understanding of TCP/IP, Windows/Linux internals, and cloud environments (AWS, Azure, OCI).
• Proficient in writing and maintaining scripts using Python, PowerShell, or Bash.
• Experience with Elastic SIEM, malware sandboxing, and network packet analysis tools (e.g., Wireshark).

Preferred Qualifications:

• Experience working in a SOC, MSSP, or cyber advisory function.
• Familiarity with scripting or data querying languages (e.g., Python, SQL) a plus.
• Passion for learning and applying cloud security best practices (OCI, AWS, Azure).
• Industry-recognized certifications (e.g., CISSP, GCIH, GCIA, GCFA).

Qualys is an Equal Opportunity Employer, please see our EEO policy.