Engineer, Threat Research

Engineering Requisition ID 5977 Pune, India

Description

Qualys is looking for threat researchers who can leverage their experience and expertise to identify and analyze threats, produce original research publications, and work with engineering teams to provide feedback and related insights into a multitude of Qualys products.


You will be a member of the Qualys Threat Research Team, a team of threat researchers working together to solve security challenges using new and innovative methods. The team is responsible for leading and conducting research related to adversary attack tactics and techniques, threat actor groups, and campaign activity. The primary output of the Threat Research Team is security content for Qualys products, blog posts, and conference presentations, produced by researching the latest tactics, techniques, and procedures leveraged by adversaries. The Threat Research Team also works closely with the security, malware research, product, and engineering teams to develop novel protection strategies against emerging cybersecurity threats.

Responsibilities:

  • Analyze and research emerging security solutions, vulnerabilities, and exploits to identify novel TTPs and their related mitigations.
  • Onboard new security platforms from the Security Architecture team into an operational model.
  • Create models for event normalization.
  • Produce correlation rules for hunting, geo-tagging, and enrichment.
  • Analyze the threat attack life cycle, including its behavior, modus operandi, and objectives.
  • Research new methods and technologies to detect cyber threats, identify signals, and design approaches that use these signals to identify security threats and security breaches.
  • Develop tools to automate and scale detection and response activities.
  • Collaborate with other teams in developing and adding cross-product intelligence.
  • Work closely with the Security Incident Response, Purple Team, and Threat Intel teams.
  • Troubleshoot issues affecting internal customers.
  • Build Linux servers, Docker containers, and automation.

Experience:

2-5 years of experience

Preferred Requirements:

  • BS/BA degree in a relevant technical field, or equivalent experience.
  • Understanding of security frameworks (MITRE ATT&CK, NIST CSF, etc.).
  • Experience in developing, implementing, and/or maintaining SIEM technologies.
  • Experience with Cloud Service Providers (Azure, AWS, GCP, OCI).
  • Extensive experience with both Windows and Linux operating systems.
  • Experience in configuring and deploying EDR.
  • Proficient in query languages (QL).
  • Experience with Python and various scripting languages is desired.
  • Vast knowledge of content creation and industry-standard alerting techniques.
  • Well-versed in log ingestion methods and forwarder configurations.
  • Experience in cyber security is highly desired.
  • Familiarity with EPP/EDR/XDR technologies.
  • Familiarity with the ELK stack.
  • Experience with consuming Kafka messages.
  • Well-grounded working knowledge of SIEM products.
  • Understanding of security controls, forensics, kill chain analysis, risk assessment, and security metrics.
  • Understanding of reverse engineering techniques.
  • Knowledge of networking and the TCP/IP stack.
  • Knowledge of programming or scripting languages.
  • Knowledge of networking protocols, application file formats such as PE and OLE files, and operating system internals.

EEO Employer/Vet/Disabled