Security Engineer - InfoSec

3 - 5 years

3 - 5 Lacs

Posted: 13 hours ago | Platform: Foundit

Skills Required

Compliance & Risk Management, Vendor Management

Work Mode

On-site

Job Type

Full Time

Job Description

1. Vulnerability Assessment & Management:

  • Conduct server vulnerability assessments (VA) and remediation tracking.
  • Perform configuration reviews to ensure compliance with security baselines.
  • Use Qualys VMDR or equivalent tools to scan, analyze, and report vulnerabilities.
  • Work with system administrators to validate and patch vulnerabilities.

2. Server Hardening & Configuration Review:

  • Perform server configuration reviews based on CIS benchmarks and best practices.
  • Recommend and implement server hardening measures.
  • Ensure compliance with industry security standards and internal policies.

3. VAPT & Security Testing:

  • Conduct Vulnerability Assessment & Penetration Testing (VAPT) for servers and networks.
  • Work closely with third-party security testing vendors to review findings and ensure fixes.
  • Track and manage security incidents related to server vulnerabilities.

4. Compliance & Risk Management:

  • Ensure compliance with OWASP, ISO 27001, PCI DSS, NIST, or other security standards.
  • Work with teams to close security gaps found during audits and risk assessments.
  • Document security controls, remediation plans, and compliance reports.

5. Vendor Management:

  • Evaluate security vendors, review security reports, and track remediation efforts.
  • Coordinate with third-party vendors for security audits and compliance checks.
  • Ensure vendor-provided solutions comply with security policies.

Required Skills & Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or Engineering (BE/B.Tech).
  • 3-5 years of experience in server security, vulnerability assessment, and compliance.
  • Hands-on experience with Qualys VMDR, Nessus, or equivalent vulnerability scanning tools.
  • Strong knowledge of CIS benchmarks, server hardening, and security best practices.
  • Experience in VAPT and security testing methodologies.
  • Understanding of ISO 27001, PCI DSS, NIST, or other security compliance frameworks.
  • Good analytical and communication skills to work with internal teams and vendors.

Preferred Certifications:

  • Certified Ethical Hacker (CEH)
  • ECSA
  • CompTIA Security+
  • GIAC Security Essentials (GSEC)
  • Qualys Certified Specialist (QCS) (Preferred)

Crisil

Financial Services

Mumbai, Maharashtra
