Principal Security Research Engineer
Qualys · Pune
Qualys · Pune
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Principal Security Researcher – Threat Defense Location: Pune, India (Hybrid) / Remote Department: Research The Mission We are seeking a Security Researcher who is a builder, not just an analyst. Bridging the gap between advanced threat research and active defense, you will lead a R&D mandate to design engines that pinpoint real customer risk. You bring a rare blend of deep security expertise (Zero-days, CVEs, Exploits) and software engineering rigor to drive operational excellence at scale. You will serve as a key player in our Research Department, moving beyond standard vulnerability analysis to build next-generation detection capabilities. Your work will directly influence our threat defense engine. What You’ll Be Doing: • Conduct deep-dive research into emerging attack vectors to analyze vulnerability data and identify potential attack paths. • Assess vulnerability risks to develop tailored, actionable mitigation strategies and plans that address security gaps in critical systems. • Rapidly architect and build prototypes, PoCs, and detection tools. You won’t just theorize; you will write code (Python/Go/C) to test security hypotheses and demonstrate feasibility. • Design and validate algorithms based on network and application telemetry to detect complex exploit primitives (RCE, SQLi, Memory Corruption) at the execution boundary. • Partner with R&D and Product teams to translate complex research findings into production-grade security features, ensuring our engine evolves faster than the threat landscape. • Articulate security visions and research findings to the broader community through blogs, webinars, and industry conferences, reinforcing Qualys as a thought leader in the space. The DNA We Need We are looking for a technologist with a hacker mindset—someone who loves to explore how things work under the hood and prefers architecting solutions over maintaining legacy views. • 5+ years of experience in security research or low-level software engineering, with a focus on advanced threat detection and deep attack analysis. • Proven ability to develop robust PoCs and tools. You are comfortable reading and writing code in modern frameworks (Python, Go, or similar). • Strong understanding of the Linux ecosystem, OS internals, and cloud-native environments. • A track record of taking a vulnerability or theoretical attack method and converting it into a concrete detection rule or defensive tool. • Excellent written and verbal communication skills in English. You can effectively explain complex kernel-level concepts to stakeholders and present findings. Preferred Background: • Experience applying advanced AI/ML and LLMs to solve complex security challenges, automating expert tradecraft such as code analysis or adversarial simulation, to transform manual research workflows into autonomous, scalable defense engines. • Experience with eBPF, syscall tracing, or memory management. • Experience in architecting secure systems and deploying detection mechanisms to mitigate risk. • Experience building or securing developer-focused tools and pipelines. • Demonstrated ability to work independently in a fast-paced, unstructured environment where you wear multiple hats. Why Join? This is a role for a creator. You will have the mandate to innovate, the freedom to research, and the resources to build engines that define the state of the art in cyber defense.