Security Analyst

Join Qualys in Pune, India as a Security Analyst

Qualys is seeking a passionate Security Analyst to join our dynamic Cyber Fusion Center team in Pune, India. This role is an excellent opportunity to contribute to impactful security missions in a collaborative and innovative environment. You will play a key role in safeguarding our systems through vulnerability management, policy compliance, and security posture management.

As a Security Analyst, you will be instrumental in the daily execution of comprehensive security assessments, utilizing industry-leading tools like the Qualys TruRISK Platform. Your efforts will focus on detecting, reporting, and coordinating the remediation of vulnerabilities across various Qualys environments. Furthermore, you will enhance our compliance posture by enforcing policies, conducting container and web application security testing, and ensuring audit readiness.

This position is perfect for security professionals driven by operations, compliance, and automation, who are eager to make a significant impact in a fast-paced, technology-centric setting.

Key Responsibilities:

Vulnerability Management Program

• Deploy, configure, and maintain Qualys VMDR for continuous vulnerability scanning of on-premises and cloud-based assets.
• Manage asset groups, tag configurations, scan schedules, and coverage for complete security posture visibility.
• Analyze scan results, pinpoint high-risk vulnerabilities, and oversee remediation efforts with IT and engineering teams.
• Collaborate with application owners and infrastructure teams to prioritize and resolve security issues within defined Service Level Agreements (SLAs).
• Produce detailed reports and executive summaries to present findings and track security trends.
• Support the integration of vulnerability data into dashboards or ticketing systems for enhanced automation and workflow management.

Policy Compliance

• Configure and manage the Qualys Policy Compliance (PC) module to assess systems against CIS, NIST, and internal benchmarks.
• Regularly review compliance scan results and coordinate with system administrators to address violations.
• Assist in the development and maintenance of custom compliance policies to meet organizational and regulatory needs.

Container Security

• Integrate container scanning tools, such as Qualys Container Security, into CI/CD pipelines to identify vulnerabilities in images prior to deployment.
• Monitor running containers for misconfigurations, outdated components, or privilege escalation risks.
• Partner with DevOps and engineering teams to embed container security best practices throughout the build and release lifecycle.

Web Application Scanning

• Set up and manage Qualys WAS (Web Application Scanning) for both internal and external web assets.
• Identify common vulnerabilities like SQL injection, XSS, and misconfigurations in custom and third-party applications.
• Work closely with application developers to efficiently review and resolve reported security issues.

File Integrity Monitoring (FIM)

• Configure and maintain File Integrity Monitoring solutions to detect unauthorized changes in critical system and application files.
• Monitor alerts and ensure baselines are accurate, relevant, and updated in line with system changes.
• Assist in defining rulesets and thresholds for effective and actionable alerting.

Audit & Compliance Support

• Contribute to internal and external audits by providing accurate reports, remediation evidence, and tool configurations.
• Ensure vulnerability and compliance controls align with regulatory requirements such as ISO 27001, SOC 2, PCI-DSS, and FedRAMP.
• Maintain clear documentation for security tool configurations, scan schedules, and compliance mappings.

Security Operations & Automation

• Identify opportunities to automate the vulnerability management lifecycle using scripting or orchestration platforms.
• Maintain dashboards, reports, and alerting mechanisms for continuous visibility into security posture.
• Collaborate with tool vendors, particularly Qualys, to resolve issues, evaluate new features, and implement platform updates.

Qualifications & Experience:

• Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field.
• 2-4 years of hands-on experience in vulnerability management and security operations.
• Strong knowledge of Qualys VMDR, PC, WAS, Container Security, and FIM.
• Solid understanding of security control frameworks (e.g., CIS, NIST, ISO 27001) and compliance requirements.
• Familiarity with cloud environments (AWS, Azure, GCP) and hybrid infrastructure security.
• Proficiency in interpreting scan results, assessing risk levels, and advising on remediation strategies.
• Excellent problem-solving skills and meticulous attention to detail.
• Strong written and verbal communication skills for documentation and stakeholder coordination.
• Preferred certifications: Security+, CEH, Qualys Certified Specialist, ISO 27001 Internal Auditor, or similar.

Good to Have:

• Experience with automation tools (e.g., Python, PowerShell, APIs).
• Exposure to security ticketing systems (e.g., ServiceNow, Jira).
• Knowledge of CI/CD security integration and DevSecOps practices.