Senior Software Engineer for Linux Redwood City, CA

Qualys, the leading provider of Software as a Service (Saas) vulnerability management and policy compliance solutions, helps organizations of all sizes discover vulnerabilities, ensure regulatory compliance and prioritize remediation according to business risk - with no infrastructure to deploy or manage. QualysGuard, the company's flagship on demand service, conducts automated security audits and provides the quickest route to neutralize worms and other emerging threats. Distributed scanning capabilities and unprecedented scalability make QualysGuard the ideal choice for both SMB's and large, distributed organizations. eBay, Oracle, Cigna and McDonald’s are just a sample of our 250 Fortune 1000 and 3000 + customers. This opening is your opportunity to work in the rapidly expanding field of computer security, in a pre-IPO company with excellent customer ratings and outstanding growth rates. As a Software Engineer you will be part of a motivated engineering team that is responsible for the QualysGuard scanner software and related applications.

Responsibilities

The Senior Software Engineer for Linux will work in our Scanner development team and will be responsible for designing, implementing and maintaining parts of the QualysGuard scanner software and related applications. The candidate must possess a strong background in Unix/Linux C and C++ software development, and in the development of TCP/IP network applications using the BSD socket API.

Qualifications

• BS/MS in Computer Science or equivalent plus five years of software development experience.
• Recent experience in Unix/Linux C and C++ software development.
• Recent experience in TCP/IP network application development using the BSD socket API.
• Solid background in software engineering principles, object oriented design and development, and multithreading.
• Experience with Linux software development environments (bash, gcc, gdb, Makefiles, vim/emacs etc).
• Experience with common TCP/IP protocols (HTTP, SMTP, SSH etc).
• Good understanding of computer security and network security principles and techniques.
• Strong troubleshooting and communication skills.
• Detailed, packet-level experience with IP, UDP and TCP.
• Knowledge of Linux system internals and programming techniques.
• Background on operating system design.
• Experience with remote security scanning tools, network troubleshooting tools and vulnerability assessment tools.

Vulnerability Detection Engineer Beijing, China

As a Vulnerability Detection Engineer you will be part of a motivated engineering team that is responsible for the research, development, and delivery of vulnerability signatures in the QualysGuard on demand security service. This opening is your opportunity to work in the rapidly expanding field of computer security, in a pre-IPO company with excellent customer ratings and outstanding growth rates.

Responsibilities

Create signatures for the QualysGuard product to detect vulnerabilities in the areas of Databases, Applications, Operating System, TCP/IP Protocols and network devices. Outstanding problem solving and troubleshooting skills are a must, as solutions to many problems might not be obvious. A vulnerability detection engineer should also spend a proportion of time keeping up with current vulnerabilities, attacks and countermeasures.

Qualifications

• MS in Computer Science or 3 years of industry experience in network and systems security.
• Proficient with regular expressions and scripting languages.
• In-depth knowledge of TCP/IP, HTTP, FTP, SSH, SSL and SMTP protocols.
• System administrator experience on Windows or Unix platforms.
• Strong understanding of VPN, Firewalls, Intrusion detection system (IDS).
• Excellent written and verbal communication skills.

Additional Plus Competencies

• Understanding of LISP.
• Experienced in the use of vulnerability scanners, IDS and open source security tools.
• CISSP or SANS GIAC certifications.

Linux Systems Administrator Beijing, China

Responsibilities

The Linux System Administrator is responsible for the administration, maintenance and troubleshooting of the production and staging servers that are involved in running the Qualys flagship QualysGuard service. Perform ongoing system maintenance, administration, and troubleshooting. Be on call to respond to service affecting issues, participate in pager duty.

Qualifications

• 3 to 5 years Linux System Administration.
• Have Experience in production environments requiring continuous uptime.
• Must be Knowledgeable in: RedHat Linux, shell scripting, PERL, and Apache.
• BS/MS in Computer Science or related experience.
• Good communication and writing skills.

QA Security Engineer Beijing, China

As a QA Security Engineer you will be part of a motivated engineering team that is responsible for ensuring the quality of the QualysGuard on demand security service. This opening is your chance to work in the rapidly expanding field of computer security, in a pre-IPO company with excellent customer ratings and outstanding growth rates.

Responsibilities

Perform ad-hoc and automated security assessments of the QualysGuard Web Applications as well as the Scanner Engine and Appliance. Develop and run automated tests for web application security testing, penetration testing, security assessment and compliance testing. Analyze results and document findings with automated daily web-based test reports. Bug analysis to reproduce and isolate faults, and perform root cause investigation.

Qualifications

• Bachelors degree with at least 3 years experience with QA process and methodology
• 1 year of web application security testing with different browsers
• Experience with port scanners like nmap as well as vulnerability assessment tools like nessus
• Experience with Apache web server and web application development
• Must be proficient with HTML, Javascript, XML, HTTP and HTTPS protocols
• Knowledge of relational databases - Oracle 9i and above
• Recent programming experience with one or more of C, SQL, shell and perl required
• Must be a critical thinker with excellent verbal and written skills

Additional Plus Competencies

• PHP programming a plus
• Security related certifications like CISSP, CEH, etc
• Application Security testing experience with tools such as WebInspect, Kavado, WatchFire, Spike Proxy
• Vulnerability scanning experience with tools like nessus, eEye Retina, ISS Security Scanner
• TCP/IP and network knowledge and troubleshooting
• Network troubleshooting