Security Analyst

• Deploy, configure, and maintain Qualys VMDR for continuous vulnerability scanning across on-premises and cloud-based assets.
• Manage asset groups, tag configurations, scan schedules, and coverage to ensure full visibility of security posture.
• Analyze scan results, identify high-risk vulnerabilities, and track remediation efforts across IT and engineering teams.
• Work with application owners and infrastructure teams to prioritize and resolve security issues within SLA.
• Generate detailed reports and executive summaries to communicate findings and track trends over time.
• Support integration of vulnerability data into dashboards or ticketing systems for automation and workflow management.
  

• Configure and maintain the Qualys Policy Compliance (PC) module to assess systems against CIS, NIST, and internal benchmarks.
• Regularly review compliance scan results and coordinate with system administrators to resolve violations.
• Assist in developing and maintaining custom compliance policies based on organizational and regulatory requirements.
  

• Integrate container scanning tools (e.g., Qualys Container Security) into CI/CD pipelines to identify vulnerabilities in images before deployment.
• Monitor running containers for misconfigurations, outdated components, or privilege escalation risks.
• Partner with DevOps and engineering teams to embed container security best practices into the build and release lifecycle.
  

• Set up and manage Qualys WAS (Web Application Scanning) for internal and external web assets.
• Identify common vulnerabilities such as SQL injection, XSS, and misconfigurations in custom and third-party applications.
• Collaborate with application developers to review and resolve reported security issues efficiently.
  

• Configure and maintain File Integrity Monitoring solutions to detect unauthorized changes in critical system and application files.
• Monitor alerts and ensure baselines are accurate, relevant, and maintained in line with system updates.
• Assist in defining rulesets and thresholds for actionable alerting.
  

• Contribute to internal and external audits by providing accurate reports, remediation evidence, and tool configurations.
• Ensure vulnerability and compliance-related controls are aligned with regulatory requirements such as ISO 27001, SOC 2, PCI-DSS, and FedRAMP.
• Maintain clear documentation for security tool configurations, scan schedules, and compliance mappings.
  

• Identify opportunities for automation within the vulnerability management lifecycle using scripting or orchestration platforms.
• Maintain dashboards, reports, and alerting mechanisms to provide continuous visibility into security posture.
• Collaborate with tool vendors, especially Qualys, to resolve issues, evaluate new features, and apply platform updates.
  

Qualifications & Experience

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.
• 2–4 years of hands-on experience in vulnerability management and security operations.
• Strong knowledge of Qualys VMDR, PC, WAS, Container Security, and FIM.
• Solid understanding of security control frameworks (e.g., CIS, NIST, ISO 27001) and compliance requirements.
• Familiarity with cloud environments (AWS, Azure, GCP) and hybrid infrastructure security.
• Proficiency in reading scan results, interpreting risk levels, and advising on remediation strategies.
• Excellent problem-solving skills and attention to detail.
• Strong written and verbal communication for documentation and stakeholder coordination.
• Preferred certifications: Security+, CEH, Qualys Certified Specialist, ISO 27001 Internal Auditor, or similar.
  

• Experience with automation (e.g., Python, PowerShell, APIs).
• Exposure to security ticketing systems (e.g., ServiceNow, Jira).
• Knowledge of CI/CD security integration and DevSecOps practices.