Principal Security Analyst at Qualys, Inc.

Foster City, CA

About the Job

The Principal Security Analyst is responsible for the specification, implementation, compliance, auditing and assessment of our production infrastructure; maintains security for services, systems, and ancillary applications; is responsible for verifying compliance with security policies.

She/he will work closely with Development/Engineering, DBA, Networking, system administration and Support teams to provide security related support for Qualys production applications.

DUTIES AND RESPONSIBILITIES:

Identity management -- Directory service / authentication administration
Audit enterprise linux systems against baseline configurations and best practices
Continuous vulnerability assessment and remediation
System/network security monitoring with Security Information Event Management tools
Active participation in incident response
Maintain documentation of operational processes
Continuously review security bulletins and related news; stay apprised of current threats and trends
Provide data and root cause analysis for each service impacting security incident with all possible corrective actions for improvement.
Where required work with customers to identify and resolve customer issues related to Qualys products and services' security
Participate in product design discussions and make appropriate security recommendations.

KEY SKILLS, KNOWLEDGE, AND ABILITIES:

7-10 years of experience in systems and security administration.
BS or Engineering in Computer science or electronics or related IT focused.
Extensive knowledge of information security principles and practices, understanding of security protocols, principles, standards and defense in depth.
Experience with information security tools for performing vulnerability assessment, intrusion detection, integrity checking, event management
Extensive knowledge of Unix/Linux systems including hardware, software and applications.
Extensive knowledge of PKI, VPNs; Firewalls, IDS, TLS, Incident handling
Strong grasp of TCP/IP and common Internet fundamentals such as DNS, NTP, SMTP, HTTP, etc.
Knowledge of VMware and other virtualization products.
Working knowledge of Security Information Event Management tools, such as Splunk
Familiarity with common compliance frameworks like the CIS Critical Controls, NIST SP800, ISO27001
Certifications appreciated but not required - SANS, ISC2, OSCP
Knowledge of Apache and Tomcat web servers
Must have good verbal, written, interpersonal and presentation skills.
Must be able to work constructively in team environment.
Working experience in SaaS is highly desirable.

Job summary

About this company

Qualys, Inc.

Qualys, Inc., is the pioneer and leading provider of cloud security and compliance solutions with over 8,800 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, Infosys, Optiv, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). Qualys is always looking for great talent. For career opportunities, please see http://www.qualys.com/careers