Qualys, Inc., the leading provider of cutting edge cloud-based security provider is looking for highly skilled Signature Engineer for Cloud Security Compliance engineering team.
As a Signature Engineer you will be part of an engineering team that is responsible for the research, development, and delivery of compliance signatures for Cloud security product. In this team you will work on numerous Cloud platforms, Cloud Services, SAAS applications and security standards like CIS, CSA-CCM, NIST, DISA, PCI-DSS and help customers assess the configurations and compliance.
- Understand and explore APIs (REST, Java, PowerShell, Shell) provided by Cloud service providers (AWS, Azure, Google Cloud Platform etc.)
- Based on research develop Java based signatures to identify and fix non-compliant cloud platforms/services related configurations and settings using Java API calls and Json Processing
- Research on hardening Cloud-Platforms , SAAS applications and cloud services configurations/settings
- Track updates pushed by cloud service provider on respective supported cloud platforms/services
- Keep updates with industry standards and features set for systems and platform compliance.
- BS/MS in Computer Science or a related field.
- Experience level 0-3 years.
- Knowledge in Java Programming , Rest APIs , Security concepts
- Proficient in Regular Expressions and Programming methods
- Strong knowledge of Cloud Architectures and Security space
- Knowledge and understanding with Cloud services/Platforms and various cloud service provider offerings (AWS, Azure, Google)
- Knowledge and understanding with SAAS applications(Salesforce, O365, GSuite , Zoom)
- Conversant with Shell, PowerShell scripting
- Good communication skills
- Good understanding on domain of Information Security
- Security Certifications like: CEH, CISA, CISM, CISSP, ISC2-CCSP
- Cloud platform-based certifications like: AWS/Azure/GCP Certified Developer/Solution Architect
- Exposure to Security benchmarks like CIS or SCCM, DISA and STIG
- Basic understanding of security standards/mandates like CSA-CCM, NIST, PCI-DSS etc.