HiringCafe
Posted 3mo ago

Senior Security Research Engineer

@ Qualys
View All Jobs
Pune, Maharashtra, India
OnsiteFull Time
Responsibilities:research vulnerabilities, develop mitigations, patch analysis
Requirements Summary:Research and analyze vulnerabilities; develop mitigation strategies; patch and configuration analysis; require strong security and research skills.
Technical Tools Mentioned:IDA Pro, Ghidra
Save
Mark Applied
Hide Job
Report & Hide
Job Description

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Responsibilities: 

  • Research, analyze, and assess attack surface and vulnerability data 

  • Develop tailored and actionable mitigation strategies and plans to address vulnerability risk 

  • Work with new and emerging vulnerability data to identify potential attack paths in critical systems. 

  • Document, develop and present mitigation strategies in web applications, databases, standalone applications, etc. 

  • Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation 

  • Provide mitigation strategies that prioritize risk against level of effort for multiple systems or organizations 

  • Catalog mitigation advice, challenges, and trends and patterns 

  • Patch diffing and reverse engineering with tools such as Ghidra, IDA, etc.  

  • Provide subject matter expertise on tailored mitigations to resolve and remediate vulnerabilities on targeted technologies 

  • Work in fast-paced startup like environment with shifting priorities to handle and maintain balance with multiple stakeholders. 

  • Conduct research to assess and create software patches and configuration changes to be applied to varied software, middleware and hardware 

  • Provide assessment including security, system, and business impact of vulnerabilities 

  • Must be able to think ahead to avoid business outages based on the lab results 

  • Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, and reporting 

 

Desired Skills: 

  • Excellent understanding of network, system and application security 

  • Experience with IDA Pro, Ghidra, or similar binary analysis tool 

  • Knowledge of various vulnerability scanning solutions is a plus 

  • Excellent written and verbal communication 

  • Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background 

  • Secure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigate risk 

  • A solid understanding of industry best practices for Patch Management  

  • Specific demonstrated experience mapping business processes and comparing those processes to industry best practices 

  • Background around using or understanding of security tools would be plus 

  • Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems 

  • Thorough testing of patches in a non-production environment  

  • Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS 

  • Should have very good communication and articulation skills 

  • Ability and ready to learn new technology and should be a good team player 

  

What you get to do: 

Work within Threat Research, detection and response teams and analysts to define the priority, design the solution, and contribute to build framework for patching vulnerabilities