Security Analyst
at Qualys
Posted Nov 27, 2025
Pune, India (Hybrid)
Responsibilities
- Manage asset groups, tag configurations, scan schedules, and coverage to ensure full visibility of security posture.
- Analyze scan results, identify high-risk vulnerabilities, and track remediation efforts across IT and engineering teams.
- Generate detailed reports and executive summaries to communicate findings and track trends over time.
- Support integration of vulnerability data into dashboards or ticketing systems for automation and workflow management.
- Regularly review compliance scan results and coordinate with system administrators to resolve violations.
- Monitor running containers for misconfigurations, outdated components, or privilege escalation risks.
- Identify common vulnerabilities such as SQL injection, XSS, and misconfigurations in custom and third-party applications.
- Collaborate with application developers to review and resolve reported security issues efficiently.
- Monitor alerts and ensure baselines are accurate, relevant, and maintained in line with system updates.
- Ensure vulnerability and compliance-related controls are aligned with regulatory requirements such as ISO 27001, SOC 2, PCI-DSS, and FedRAMP.
- Maintain clear documentation for security tool configurations, scan schedules, and compliance mappings.
- Maintain dashboards, reports, and alerting mechanisms to provide continuous visibility into security posture.
- Collaborate with tool vendors, especially Qualys, to resolve issues, evaluate new features, and apply platform updates.
Qualifications & Requirements
- Policy Compliance: Configure and maintain the Qualys Policy Compliance (PC) module to assess systems against CIS, NIST, and internal benchmarks.
- Experience: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field. 2–4 years of hands-on experience in vulnerability management and security operations.
- Strong knowledge of Qualys VMDR, PC, WAS, Container Security, and FIM.
- Solid understanding of security control frameworks (e.g., CIS, NIST, ISO 27001) and compliance requirements.
- Familiarity with cloud environments (AWS, Azure, GCP) and hybrid infrastructure security.