Job Summary
We are looking for an experienced L2 Security Analyst with hands-on expertise in Vulnerability Assessment and Penetration Testing (VAPT), configuration reviews, and security scanning using Qualys.
The ideal candidate should have a solid understanding of security testing methodologies and the ability to identify, analyze, and report vulnerabilities across IT infrastructure and applications.
Key Responsibilities
- Conduct regular vulnerability assessments using Qualys VMDR and other tools across endpoints, servers, networks, and cloud infrastructure.
- Perform manual verification and analysis of vulnerability scan results, filter false positives, and prioritize vulnerabilities based on risk.
- Carry out configuration reviews of operating systems, databases, network devices, and cloud platforms against security benchmarks (e.g., CIS, NIST).
- Support or lead penetration testing exercises (internal/external infrastructure) under the guidance of senior team members or independently.
- Coordinate with asset owners, application teams, and infrastructure teams for remediation planning and closure of vulnerabilities.
- Maintain documentation of scan results, risk ratings, technical impact, and mitigation steps.
- Assist in compliance-driven vulnerability assessments (PCI-DSS, ISO 27001, etc.).
- Monitor and manage scan schedules, asset inventory, and scan health in Qualys.
- Generate regular VAPT and configuration review reports for Skills & Qualifications :
- Bachelor's degree in Computer Science, Information Security, or related field.
- 25 years of hands-on experience in vulnerability scanning using Qualys & crowdstrike.
- Knowledge of penetration testing tools and techniques (Burp Suite, Nmap, Metasploit, etc.).
- Good understanding of OS (Windows/Linux), networking concepts, firewalls, and web technologies.
- Experience with security benchmarks and configuration standards (CIS, NIST).
- Familiarity with scripting (Python, Bash, PowerShell) for automation is a plus.
- Understanding of CVSS scoring, vulnerability lifecycle, and remediation best practices.
- Relevant certifications (e.g., CEH, CompTIA Security+, Qualys certifications) are preferred.
(ref:hirist.tech)
