Responsibilities 
In this position, you will primarily be researching and implementing detections for vulnerabilities on all the latest web application technologies. You will also be expected to fine-tune existing logic and payloads to detect vulnerabilities and CVEs with zero false positives for the Qualys Web Application Security product. Efficient problem-solving and troubleshooting skills are necessary, as well as using the latest tools in the industry.

Required Skills: 

* 3-5 years of industry experience in web application security 

* Create exploits, proof-of-concept for web application vulnerabilities 

* Strong JavaScript programming skills 

 * Knowledge of HTTP protocol (Requests, responses, Cookies, etc.)  

* Understanding of web application vulnerabilities, OWASP top 10 in Web Applications, API, and LLMs 

* Exposure to DAST/BlackBox tools 

* Web application security scanning tools like BURP/ZAP, SQLMap, CURL 

* Experience with network analysis tools and analysis of packet captures. 

* Proficient with regular expressions. 

* System administrator experience on Windows or Unix platforms.   

* Strong analytical and problem-solving skills 

* Passion for web security and attention to detail

* Experience with scripting languages, including Python and Bash   

* Exposure to JAVA programming   

* Experience with selenium, postman scripting 

* Experience with Metasploit/Nessus exploits (especially HTTP-related ) 

* Experience with web application firewalls (WAF) rules, ModSecurity 

* Exposure to WEB 2.0, XML/XPath, JSON, Swagger  

* Database/SQL knowledge 

* Experienced in the use of various scanners and open-source security tools. 

* Experience in developing security-related tools/programs. 

* Ability to work independently 

* Published research  

* Security certifications