
Crisil

Security Engineer - InfoSec

3-5 Years
  • Posted 3 hours ago

Job Description

1. Vulnerability Assessment & Management:

  • Conduct server vulnerability assessments (VA) and remediation tracking.
  • Perform configuration reviews to ensure compliance with security baselines.
  • Use Qualys VMDR or equivalent tools to scan, analyze, and report vulnerabilities.
  • Work with system administrators to validate and patch vulnerabilities.

2. Server Hardening & Configuration Review:

  • Perform server configuration reviews based on CIS benchmarks and best practices.
  • Recommend and implement server hardening measures.
  • Ensure compliance with industry security standards and internal policies.

3. VAPT & Security Testing:

  • Conduct Vulnerability Assessment & Penetration Testing (VAPT) for servers and networks.
  • Work closely with third-party security testing vendors to review findings and ensure fixes.
  • Track and manage security incidents related to server vulnerabilities.

4. Compliance & Risk Management:

  • Ensure compliance with OWASP, ISO 27001, PCI DSS, NIST, or other security standards.
  • Work with teams to close security gaps found during audits and risk assessments.
  • Document security controls, remediation plans, and compliance reports.

5. Vendor Management:

  • Evaluate security vendors, review security reports, and track remediation efforts.
  • Coordinate with third-party vendors for security audits and compliance checks.
  • Ensure vendor-provided solutions comply with security policies.

Required Skills & Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or Engineering (BE/B.Tech).
  • 3-5 years of experience in server security, vulnerability assessment, and compliance.
  • Hands-on experience with Qualys VMDR, Nessus, or equivalent vulnerability scanning tools.
  • Strong knowledge of CIS benchmarks, server hardening, and security best practices.
  • Experience in VAPT and security testing methodologies.
  • Understanding of ISO 27001, PCI DSS, NIST, or other security compliance frameworks.
  • Good analytical and communication skills to work with internal teams and vendors.

Preferred Certifications:

  • Certified Ethical Hacker (CEH)
  • ECSA
  • CompTIA Security+
  • GIAC Security Essentials (GSEC)
  • Qualys Certified Specialist (QCS) (Preferred)

More Info

Open to candidates from: Indian

About Company

Job ID: 109147739
