Software Engineer (WAF) Qualys
We are looking for a mid to senior level Software Engineer to join our Web Application Firewall (WAF) team. We are building a brand new open source WAF named IronBee (www.ironbee.com) along with a commercial offering to compliment IronBee. The commercial product consists of a distributed network of sensors (which may be running embedded in web servers, as reverse proxies, or as sniffers) and a central SaaS management platform. This position will primarily be working on the open source code for IronBee as well as commercially offered products.
This is a rare opportunity to work in a fulfilling role as part of a small team that is breaking new ground in the application security space. Qualys is an exciting pre-IPO company with excellent customer ratings and outstanding growth rates. Please note that this is a full-time position in Madison (WI), in the United States.
- C programming - system level, networking capable applications in a UNIX like environment.
- Develop highly available, secure and performance oriented code.
- Contribute to the design of the IronBee open source WAF.
- Develop core and module code for IronBee primarily in C, but also Lua.
- Aide with security research projects, especially in tool development.
- Aide in writing tools.
- Aide in software testing alongside our QA group.
- Write unit and regression tests.
- Write documentation.
- Perform in-depth code reviews.
Additional Plus Competencies
- Demonstrated experience developing system level applications in C in UNIX like environments.
- Ability to write highly readable, secure code in C - much of your code will be publicly available and highly scrutinized.
- Experience with secure programming styles - for example the CERT C Secure Coding Standard.
- Experience writing portable C99 code.
- Ability to read and quickly understand existing C code.
- Ability to work independently and efficiently, getting things done.
- Good communicator, with fluent English and excellent verbal and writing skills.
- A deep understanding of how the Internet works is essential. You must be familiar with networking protocols-- for example DNS, TCP/IP, SSL/TLS, and others.
- In-depth knowledge of HTTP and the related standards and specifications.
- Ability to work on a UNIX like OS as a primary platform.
- Experience in developing for other open source projects - especially in the network security industry.
- Experience in application penetration testing, intrusion detection and prevention systems, or web application firewalls.
- Experience using Lua in an embedded C environment.
- Experience with the Google Unit testing framework, gtest.
- Experience with the doxygen code documentation system.
- Experience writing documentation in docbook format.
- Exposure to open source, application security communities, and OWASP.
||Madison, WI |