Security Analyst

Qualys is seeking a talented Security Analyst to join our Cyber Fusion Center in Pune, India. This role focuses on critical areas like vulnerability management, policy compliance, and security posture management. You will be instrumental in the daily execution of security assessments, leveraging cutting-edge tools such as the Qualys TruRISK Platform. Your responsibilities will include detecting, reporting, and coordinating the remediation of vulnerabilities across our extensive environments. Furthermore, you will actively contribute to enhancing our compliance standing through robust policy enforcement, comprehensive container security testing, and ensuring readiness for audits.

This position is perfect for security operations and compliance enthusiasts who are driven by automation and eager to make a significant impact within a fast-paced, technology-centric organization.

Key Responsibilities

Vulnerability Management Program

• Implement, configure, and maintain Qualys VMDR for continuous vulnerability scanning of on-premises and cloud-based assets.
• Manage asset groups, tagging, scan schedules, and coverage to ensure comprehensive visibility of our security posture.
• Analyze scan results, pinpoint high-risk vulnerabilities, and manage remediation efforts with IT and engineering teams.
• Collaborate with application owners and infrastructure teams to prioritize and resolve security issues within defined SLAs.
• Produce detailed reports and executive summaries to effectively communicate findings and track trends.
• Support the integration of vulnerability data into dashboards and ticketing systems for streamlined automation and workflow management.

Policy Compliance

• Configure and maintain the Qualys Policy Compliance (PC) module to assess systems against industry benchmarks like CIS and NIST, as well as internal policies.
• Regularly review compliance scan results and work with system administrators to address any violations.
• Assist in developing and updating custom compliance policies to meet organizational and regulatory mandates.

Container Security

• Integrate container scanning tools, including Qualys Container Security, into CI/CD pipelines to identify vulnerabilities in images before deployment.
• Monitor running containers for misconfigurations, outdated components, or potential privilege escalation risks.
• Partner with DevOps and engineering teams to embed container security best practices throughout the build and release lifecycle.

Web Application Scanning

• Set up and manage Qualys WAS (Web Application Scanning) for both internal and external web assets.
• Identify common web application vulnerabilities such as SQL injection, XSS, and misconfigurations in custom and third-party applications.
• Work closely with application developers to efficiently review and resolve reported security issues.

File Integrity Monitoring (FIM)

• Configure and maintain File Integrity Monitoring solutions to detect unauthorized changes in critical system and application files.
• Monitor alerts and ensure that baselines are accurate, relevant, and updated in line with system changes.
• Help define rulesets and thresholds for generating actionable alerts.

Audit & Compliance Support

• Contribute to internal and external audits by providing accurate reports, evidence of remediation, and tool configurations.
• Ensure that vulnerability and compliance controls align with regulatory requirements such as ISO 27001, SOC 2, PCI-DSS, and FedRAMP.
• Maintain clear documentation for security tool configurations, scan schedules, and compliance mappings.

Security Operations & Automation

• Identify opportunities for automation within the vulnerability management process using scripting or orchestration platforms.
• Maintain dashboards, reports, and alerting mechanisms for continuous visibility into security posture.
• Collaborate with tool vendors, particularly Qualys, to resolve issues, evaluate new features, and manage platform updates.

Qualifications & Experience

• Bachelor's or Master's degree in Cybersecurity, Computer Science, or a related field.
• 2-4 years of practical experience in vulnerability management and security operations.
• Proficient knowledge of Qualys VMDR, PC, WAS, Container Security, and FIM.
• Solid understanding of security control frameworks (e.g., CIS, NIST, ISO 27001) and compliance requirements.
• Familiarity with cloud environments (AWS, Azure, GCP) and hybrid infrastructure security.
• Skilled in interpreting scan results, assessing risk levels, and recommending remediation strategies.
• Excellent problem-solving abilities and a keen eye for detail.
• Strong written and verbal communication skills for documentation and stakeholder coordination.
• Preferred certifications: Security+, CEH, Qualys Certified Specialist, ISO 27001 Internal Auditor, or similar.

Good to Have

• Experience with automation tools and languages (e.g., Python, PowerShell, APIs).
• Exposure to security ticketing systems (e.g., ServiceNow, Jira).
• Knowledge of CI/CD security integration and DevSecOps practices.