Principal Security Analyst in San Mateo, CA

View All Information Technology jobs


Information Technology   •  

8 - 10 years

Posted 8 weeks ago


The Principal Security Analyst is responsible for the specification, implementation, compliance, auditing and assessment of our production infrastructure; maintains security for services, systems, and ancillary applications; is responsible for verifying compliance with security policies.

She/he will work closely with Development/Engineering, DBA, Networking, system administration and Support teams to provide security related support for Qualys production applications.


  • Identity management -- Directory service / authentication administration
  • Audit enterprise linux systems against baseline configurations and best practices
  • Continuous vulnerability assessment and remediation
  • System/network security monitoring with Security Information Event Management tools
  • Active participation in incident response
  • Maintain documentation of operational processes
  • Continuously review security bulletins and related news; stay apprised of current threats and trends
  • Provide data and root cause analysis for each service impacting security incident with all possible corrective actions for improvement.
  • Where required work with customers to identify and resolve customer issues related to Qualys products and services' security
  • Participate in product design discussions and make appropriate security recommendations.


  • 7-10 years of experience in systems and security administration.
  • BS or Engineering in Computer science or electronics or related IT focused.
  • Extensive knowledge of information security principles and practices, understanding of security protocols, principles, standards and defense in depth.
  • Experience with information security tools for performing vulnerability assessment, intrusion detection, integrity checking, event management
  • Extensive knowledge of Unix/Linux systems including hardware, software and applications.
  • Extensive knowledge of PKI, VPNs; Firewalls, IDS, TLS, Incident handling
  • Strong grasp of TCP/IP and common Internet fundamentals such as DNS, NTP, SMTP, HTTP, etc.
  • Knowledge of VMware and other virtualization products.
  • Working knowledge of Security Information Event Management tools, such as Splunk
  • Familiarity with common compliance frameworks like the CIS Critical Controls​, NIST SP800, ISO27001
  • ​Certifications appreciated but not required - SANS, ISC2, OSCP
  • Knowledge of Apache and Tomcat web servers
  • Must have good verbal, written, interpersonal and presentation skills.
  • Must be able to work constructively in team environment.
  • Working experience in SaaS is highly desirable.