Security Engineer

Job Description

Job Summary: We are looking for a skilled and certified Security Analyst with 3 to 5 years of experience in vulnerability assessment, server configuration review, CIS hardening, and VAPT. The ideal candidate should have hands-on experience with Qualys VMDR , vendor management, and compliance frameworks. The candidate should have an engineering background and hold relevant security certifications. Key Responsibilities: 1. Vulnerability Assessment & Management: Conduct server vulnerability assessments (VA) and remediation tracking. Perform configuration reviews to ensure compliance with security baselines. Use Qualys VMDR or equivalent tools to scan, analyze, and report vulnerabilities. Work with system administrators to validate and patch vulnerabilities. 2. Server Hardening & Configuration Review: Perform server configuration reviews based on CIS benchmarks and best practices. Recommend and implement server hardening measures. Ensure compliance with industry security standards and internal policies. 3. VAPT & Security Testing: Conduct Vulnerability Assessment & Penetration Testing (VAPT) for servers and networks. Work closely with third-party security testing vendors to review findings and ensure fixes. Track and manage security incidents related to server vulnerabilities . 4. Compliance & Risk Management: Ensure compliance with OWASP , ISO 27001, PCI DSS, NIST, or other security standards . Work with teams to close security gaps found during audits and risk assessments . Document security controls, remediation plans, and compliance reports. 5. Vendor Management: Evaluate security vendors , review security reports, and track remediation efforts. Coordinate with third-party vendors for security audits and compliance checks . Ensure vendor-provided solutions comply with security policies. Required Skills & Qualifications: Bachelor s degree in computer science, Information Security, or Engineering (BE/B. Tech). 3-5 years of experience in server security, vulnerability assessment, and compliance . Hands-on experience with Qualys VMDR, Nessus, or equivalent vulnerability scanning tools . Strong knowledge of CIS benchmarks, server hardening, and security best practices . Experience in VAPT and security testing methodologies . Understanding of ISO 27001, PCI DSS, NIST, or other security compliance frameworks . Good analytical and communication skills to work with internal teams and vendors. Preferred Certifications: Certified Ethical Hacker (CEH) ECSA CompTIA Security+ GIAC Security Essentials (GSEC) Qualys Certified Specialist (QCS) (Preferred) Why Join Us? Opportunity to work with cutting-edge security tools and frameworks . Exposure to enterprise security compliance and risk management . Growth opportunities in a fast-paced cybersecurity environment.