Vulnerability Engineer

Possess knowledge of various technologies and security topics including operating systems network security protocols application security infrastructure hardening and security baselines.
Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE) Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP) strongly desired.
Industry Certification in IT & cyber security domains a strong advantage (PCIDSS CEH OSCP or similar industry certification like CISMCISP will be added advantage)
You are a passionate about vulnerability management and have extensive knowledge/experience of how Qualys works operates and is maintained in an enterprise context.
We expect you to be supportive of your team members share knowledge and contribute to a positive team dynamic
You will be working in an agile context meaning planning and delivery is done in iterations and all team members are expected to contribute to the full life cycle of the products.
Together with the team you will ensure that our solutions meet client s needs and stakeholders expectation.
Perform platform and application vulnerability assessment secure source code review and security baseline configuration review using variety of industry leading tools.
Able to prioritize risks and drive remediation by outlining and providing advice and solutions to technology owners on effective security controls and counter measures.
Providing information security solution as per PCI DSS / customer requirement.
Managing overall patch management team and tracking / reducing vulnerabilities as per customer requirements and managing SLA requirements for couple of accounts.
Working with technical as well as end users to understand business requirements and identify data solutions.
Ability to manage and adhere customer IT compliance and Security.
Conducting Risk Assessment for IT infrastructure
Track and validate remediation of security vulnerabilities.
Stay abreast on new security vulnerabilities and latest advancements in configuration compliance assessments from internal or external threat intelligence sources and CERT teams.
Prepare key risk indicators and metrics reporting to senior management team.
Report and articulate vulnerability assessment results and risk impact to key stakeholders.
Typical everyday tasks:
Attend team meetings.
Support more junior colleagues.
Independently work on improving services / products.
Collaborate with Product Management function and stakeholders on potential new products and/or development of existing products.
Support backlog refinements and planning.
We believe you have a profile that maps to the following behaviors/skills:
Has extensive knowledge/experience of how Qualys works operates is maintained and how to fully utilize Qualys in an enterprise organisation.
Understand how Qualys operates in a modern digital ecosystem with the ability to utilize the tool fully in a network environment consisting of a segmented onprem network and multiple cloud environments.
Understand what dependencies that are relevant to consider when implementing and operating Qualys. For example you have experience and understand how to make the most of Asset Management Data in an EndPoint Vulnerability context.
Represents the technical expertise available to Product Management. Where Product Management points out the needs of the organization and the Engineering community supports on how to reach that goal.
You know how to work closely with Product Management and actively support with development of new/updated product concepts. This includes but is not limited to:
The ability to see how we can leverage existing and new features in Qualys in a way that maximizes value.
Build POCs and help evaluate feasibility of product concepts.
The ability to understand and manage dependency and risks related to product concepts.
The ability to understand how we use technology to meet customer needs and expectations.
In collaboration with product management engage with stakeholders and capture/understand needs.
Represent a technical leader in the team and can guide and support more junior profiles. In expanding the services as well related to best practices for operations/maintenance.
Will also act as technical leadership in dialogue with stakeholders
Can support the teams with Agile events such as dailies planning events retrospectives etc.
Participates in dialogue with Qualys as a supplier to impact roadmap and stay up to date with coming changes.
Participates in dialogue with representatives from teams flagged as dependencies.
Can support the team with defining and managing relevant delivery related metrics and make use of the information to support the continuous improvement and learning of the team.
Support stakeholders in how to utilize endpoint services
Build stakeholder relationships and engagements

Basic Qualifications
Bachelors degree or equivalent combination of education and experience
Bachelors degree in computer science or related field preferred
CISSP certification preferred
Three or more years of computer science management information systems or data security experience
Experience working with information and network security practices
Experience working with computer programming
Experience working with computer desktop packages such as Microsoft Word Excel etc.
Experience working with operating systems
Experience working with security software packages
Experience working with security architecture

Other Qualifications
Analytical and problemsolving skills for resolving security issues
Interpersonal skills to interact with customers and team members
Communication skills to interact with team members and support personnel
Ability to work with relational databases
Ability to work in a team environment

Work Environment
Office environment.
Rotational shift.
May require weekend work

Remote Work :

No