Vulnerability Management & Security Posture Engineer (Qualys SME)

Job Title: Vulnerability Management & Security Posture Engineer (Qualys SME)

Location: Bangalore

Experience: 48 Years

Employment Type: Full-Time

Role Overview

We are seeking a hands-on Vulnerability Management & Security Posture Engineer with deep expertise in Qualys VMDR, Policy Compliance (PC), and Security Configuration Assessment (SCA). This role involves end-to-end ownership of vulnerability management, including asset discovery, scanning, posture assessment, and remediation lifecycle, with a strong focus on automation and continuous improvement.

Key Responsibilities

1. Asset Discovery & Scan Management

• Perform asset discovery using agent-based and network scanning techniques
• Configure and manage scan profiles (authenticated scans, port ranges, scheduling)
• Execute and monitor scans across on-prem, cloud, and endpoint environments

2. Vulnerability & Posture Assessment

• Analyze vulnerabilities and misconfigurations using VMDR and Policy Compliance
• Prioritize findings based on CVSS, exploitability, and business impact
• Assess systems against CIS benchmarks and organizational security baselines

3. Remediation & Automation

• Integrate vulnerability findings with ITSM tools (e.g., ServiceNow) for tracking
• Drive the remediation lifecycle: Open In Progress Validated Closed
• Implement automation using Qualys CAR / QFlow where applicable
• Manage exceptions, risk acceptance, and compensating controls

4. Reporting & Stakeholder Communication

• Generate technical, compliance, and executive-level reports
• Build dashboards to track vulnerability trends and posture improvements
• Provide actionable remediation guidance and track SLA adherence

Must-Have Skills

• Strong hands-on experience with Qualys VMDR, Policy Compliance (PC), and SCA
• Solid understanding of CIS Benchmarks, CVSS scoring, and vulnerability lifecycle
• Experience with scan configuration, asset tagging, and risk prioritization
• Familiarity with ITSM integrations (ServiceNow preferred)
• Exposure to scripting/automation (Python, Shell)

Good to Have

• Experience with automation workflows (QFlow, SOAR tools)
• Knowledge of security frameworks: ISO 27001, NIST, CIS
• Exposure to compliance reporting and audit support
• Cloud security posture experience (AWS, Azure, GCP)

Key Deliverables

• Asset Inventory & Scan Coverage Reports
• Vulnerability Prioritization Matrix
• Compliance & Security Posture Assessment Reports
• Remediation Tracker & Automation Logs
• Executive Security Scorecards

What Were Looking For

• Strong ownership mindset with attention to detail
• Ability to collaborate with cross-functional teams (Infrastructure, Cloud, Application teams)
• Proactive approach toward risk reduction, automation, and continuous improvement.