Job Description

Role Summary

We are looking for a hands‑on Vulnerability Management professional with strong operational experience on Qualys VM / VMDR to support BAU vulnerability operations for large enterprise environments.

The role is execution‑heavy and requires day‑to‑day ownership of scanning, validation, remediation tracking, reporting, and stakeholder coordination, rather than advisory or governance‑only work.

͏

Role: Vulnerability Management Analyst – Qualys VM

Key Responsibilities 

• Perform authenticated and unauthenticated vulnerability scans using Qualys VM / VMDR across:
• Servers (Windows & Linux)
• Network devices
• Endpoints
• Cloud workloads (AWS / Azure)
• Manage asset discovery, tagging, and grouping within Qualys.
• Configure and maintain scan profiles, schedules, and exclusions based on environment and risk.
• Troubleshoot scan failures, authentication issues, and agent‑related problems.

• Analyze Qualys scan results and:
• Validate true positives
• Identify and eliminate false positives
• Apply risk‑based prioritization using CVSS, exploitability, asset criticality, and threat context.
• Track zero‑day and high‑severity vulnerabilities and support expedited remediation

• Create, track, and manage remediation tickets using:
• ServiceNow / Jira or equivalent ITSM tools
• Work closely with:
• Infrastructure teams
• Application owners
• Cloud and platform teams
• Follow up on remediation SLAs and perform re‑scans to confirm closure

• Prepare and publish:
• Weekly / Monthly vulnerability reports
• Executive summaries and dashboards
• Support compliance and audit requirements (ISO 27001, CIS benchmarks, etc.).
• Maintain SOPs, runbooks, and BAU documentation.

Tooling & Automation (Good to Have)

• Support Qualys API integrations with ServiceNow, SIEM, or reporting tools.
• Basic scripting exposure (Python / PowerShell / Bash) for automation and data handling.

Mandatory Skills & Experience

Core Technical Skills

• Strong hands‑on experience with Qualys VM / Qualys VMDR (mandatory)
• Solid understanding of:
• Vulnerability lifecycle (identify → assess → remediate → validate)
• CVE, CVSS, exploitability, patching concepts
• Experience with:
• Windows & Linux OS
• Networking fundamentals (TCP/IP, ports, firewalls)
• Exposure to cloud vulnerability scanning (AWS / Azure) is highly desirable.

Tools & Platforms

• Qualys VM / VMDR
• ITSM tools: ServiceNow / Jira
• Supporting tools: Nessus / Rapid7 (good to have, not mandatory)
• Reporting tools: Excel / Power BI (basic to intermediate)

Preferred / Nice to Have

• Experience in managed security services
• Exposure to:
• Policy compliance scanning
• Cloud posture / infrastructure security
• Certifications (preferred, not mandatory):
• Qualys certification
• CEH / Security+ / ISO 27001 awareness

͏

͏

͏