Senior Security Analyst

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Join our dynamic team as a Security Analyst, where your expertise will be pivotal in fortifying our organizational defenses. As a key player, you will spearhead the implementation and management of cutting-edge vulnerability management processes, with a specialized focus on Qualys solutions. Your mission is to safeguard our Qualys infrastructure by deploying advanced security measures, conducting thorough assessments, and ensuring the seamless integration of industry-leading technologies.

In this role, you will not only be a guardian of our Qualys digital assets but also a catalyst for innovation, driving the continuous enhancement of our security posture. We're looking for an enthusiastic professional with a keen eye for cybersecurity trends, hands-on experience with Qualys, Cloud Security Posture Management (CSPM), and Endpoint Detection and Response/Endpoint Protection Platforms (EDR/EPP), and a commitment to excellence. If you are passionate about staying one step ahead of evolving threats and contributing to a secure digital future, we invite you to bring your skills to our team.

Responsibilities:

Qualys Implementation:

• Deploy and configure Qualys Vulnerability Management solutions for comprehensive coverage of Qualys infrastructure.
• Integrate Qualys with other security tools and systems to streamline data sharing and incident response.

Continuous Scanning:

• Establish and maintain regular scanning schedules to ensure timely identification of vulnerabilities.
• Configure Qualys scans to cover all assets, including servers, network devices, and cloud resources.

Scan Analysis and Reporting:

• Analyze scan results using Qualys reports and dashboards to identify critical vulnerabilities.
• Generate and distribute detailed vulnerability reports to relevant stakeholders, including recommended remediation actions.

Remediation Coordination:

• Collaborate with IT and system administration teams to prioritize and schedule remediation efforts based on Qualys scan findings.
• Provide technical guidance on specific remediation steps, including patching and configuration changes.

Qualys Policy Compliance:

• Implement and manage Qualys Policy Compliance modules to ensure that systems adhere to internal security policies and industry standards.
• Regularly review and update compliance policies to reflect evolving security requirements.

Trend Analysis and Metrics:

• Conduct trend analysis on vulnerability data to identify recurring issues and areas for proactive improvement.
• Develop and maintain key performance indicators (KPIs) related to vulnerability management efficacy.

Patch Management Integration:

• Integrate Qualys with patch management systems to streamline the deployment of security patches.
• Ensure that patching activities align with Qualys scan results and prioritize critical vulnerabilities.

CSPM (Cloud Security Posture Management):

• Implement and fine-tune CSPM tools to enforce compliance with industry regulations and organizational policies.
• Conduct regular audits of cloud infrastructure configurations, addressing security gaps and misconfigurations.
• Collaborate with DevOps teams to integrate security into the continuous integration/continuous deployment (CI/CD) pipeline.

EDR/EPP (Endpoint Detection and Response/Endpoint Protection Platforms):

• Deploy and manage EDR/EPP solutions for advanced threat detection and response capabilities.
• Configure and monitor EDR/EPP tools, conduct regular audits, and ensure proper integration with other security controls.
• Respond promptly to endpoint security alerts, investigate incidents, and implement corrective actions.

Training and Documentation:

• Provide training to relevant teams on using Qualys, CSPM, and EDR/EPP effectively for vulnerability management and security measures.
• Document configurations, workflows, and best practices for internal knowledge sharing.

Automation and Orchestration:

• Implement and maintain end-to-end automation workflows for scanning Qualys infrastructure.
• Explore automation opportunities within Qualys, CSPM, and EDR/EPP for repetitive tasks, enhancing efficiency.
• Implement orchestration workflows to automate the execution of remediation steps based on findings.

Collaboration with Qualys Support:

• Engage with Qualys support for issue resolution, updates, and to stay informed about new features and best practices.
• Participate in Qualys user forums and communities to share insights and learn from others' experiences.

Qualifications:

• Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field.
• Relevant certifications such as COMPTIA Security+, CEH, or similar.
• Proven experience in conducting vulnerability assessments and implementing security measures.
• Proficiency in deploying and managing security tools and solutions.
• Strong understanding of cloud security best practices.
• Experience with Cloud Security Posture Management (CSPM) tools.
• Hands-on experience with Endpoint Detection and Response/Endpoint Protection Platforms (EDR/EPP).
• Excellent documentation and communication skills.
• Ability to collaborate effectively with cross-functional teams.
• Continuous learning mindset to stay updated on the evolving cybersecurity landscape.