Your Role and ResponsibilitiesWe are seeking a skilled and experienced Tenable.io and Qualys VM engineer to join our team. As a Tenable and Qualys Vulnerability Management (VM) Engineer, you will be responsible for managing and maintaining the Qualys Vulnerability Management platform to ensure the security of our organization’s infrastructure. You will collaborate with cross-functional teams to assess vulnerabilities, analyze risks, and implement remediation strategies to safeguard our systems.
Responsibilities:- Manage and maintain the Tenable.io and Qualys Vulnerability Management platform, including setup, configuration, and ongoing administration.
- Conduct regular vulnerability scans and assessments using Tenable and Qualys VM and analyze the results to identify vulnerabilities and potential risks.
- Collaborate with system administrators, network engineers, and other stakeholders to prioritize and address identified vulnerabilities.
- Develop and implement remediation strategies and action plans based on vulnerability scan findings.
- Provide technical expertise and guidance to cross-functional teams on vulnerability management best practices.
- Stay up to date with the latest security trends, vulnerabilities, and industry standards to continuously improve vulnerability management processes.
- Perform risk assessments and recommend appropriate mitigation strategies for identified vulnerabilities.
- Monitor and track remediation efforts to ensure timely and effective resolution of vulnerabilities.
- Knowledge of patch management processes and procedures.
- Understanding of regulatory requirements and industry best practices related to vulnerability management.
- Proficiency in interpreting and analyzing security intelligence and advisory reports.
- Ability to identify relevant findings and recommendations from the reports.
- Skill in translating complex security information into actionable steps and recommendations.
- Experience in developing and implementing security improvement plans based on report findings.
- Serve as an escalation point on issues, dependencies, and risks related to vulnerability scanning and security testing.
- Generate reports and metrics related to vulnerability management activities and present them to stakeholders.
- Assist with incident response efforts by investigating and providing technical support during security incidents related to vulnerabilities.
- Collaborate with vendors and other external entities to enhance the effectiveness of vulnerability management tools and processes.
- Comprehensive monitoring and documentation of vulnerability remediation activities from initiation to completion as per the predefined reporting frequencies to ensure timely communication of vulnerability remediation status.
Required Technical and Professional Expertise
- Minimum of 2 years information and cyber security experience, and experience in IT Vulnerability Management.
- Experience using vulnerability scanning tools such as Qualys, Tenable, Rapid7 and vulnerability management platforms (RiskVision, Kenna Security).
- Strong understanding of vulnerability management principles, methodologies, and best practices.
- Experience managing vulnerability management findings/services for cloud environments (Amazon Web Services, Microsoft Azure, Google Cloud Platform).
- Working knowledge of system, application, network and database hardening techniques and practices.
- Working knowledge of one or more of the following – cloud technologies, internet security, networking protocols or experience with software development.
- Strong analytical skills and ability to identify advanced vulnerability threats.
- Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
- Experience with vulnerability scanning, assessment, analysis, and remediation.
- Proficiency in interpreting vulnerability scan results and prioritizing vulnerabilities based on severity and impact.
- Knowledge of common vulnerabilities and exposures (CVEs) and the ability to research and understand emerging vulnerabilities.
- Familiarity with industry standards such as CVSS, OWASP, and CWE.
- Good understanding of network and system security concepts and technologies.
- Strong problem-solving and analytical skills, with the ability to assess risks and recommend appropriate mitigation strategies.
- Relevant certifications such as Certified Ethical Hacker (CEH), Tenable Certifications or Qualys certifications are a plus.
- Knowledge of regulatory standards and frameworks such as ISO 27001, NIST, GDPR, and PCI-DSS. Experience with compliance audits and reporting.
Preferred Technical and Professional Expertise
- Security certifications such as CEH, GPEN
- Understanding of firewall & networking devices (Cisco, Palo Alto, Checkpoint).
- Understanding of desktop and server infrastructure (Microsoft, Linux, MacOS).
- Vulnerability Management tools (Qualys, Tenable/Nessus, Rapid 7 Nexpose).
- Security rating services such as BitSight, Security Scorecard and RiskRecon.
- Understanding of Cloud Security (Amazon Web Services, Google Cloud Platform).
- Working experience of PowerBI