Qualys Engineer

We are seeking an experienced Qualys Security Engineer to join our client’s Vulnerability Management team. This role will be responsible for managing and optimizing Qualys deployments, conducting vulnerability assessments, and working cross-functionally to improve the security posture.

This role requires US Citizenship and the ability to obtain a DoD Secret Clearance prior to starting. The individual in this role must reside within a commutable distance of Washington, DC to work onsite full time.

This is a direct hire position with our client with an anticipated annual salary range of $170-185,000.

Key Responsibilities:

• Manage and maintain the Qualys vulnerability management platform, including scanners, agents, and cloud connectors.
• Configure and optimize scanning policies, authentication, and assessment templates.
• Analyze vulnerability scan results and produce actionable reports for various stakeholders.
• Coordinate with IT and Development teams to validate and remediate identified vulnerabilities.
• Develop and maintain automation scripts for Qualys API integration and custom reporting.
• Perform asset discovery and maintain accurate asset inventory within Qualys.
• Investigate false positives and tune scanning configurations to improve accuracy.
• Support compliance initiatives by configuring and running policy compliance scans.
• Mentor junior team members on vulnerability management best practices.

Required Qualifications:

• US Citizenship is required. Must be able to obtain and maintain a DoD Secret Clearance.
• Bachelor's degree in Computer Science, Information Security, or related field.
• 3-5 years of experience with vulnerability management tools, preferably Qualys.
• Must reside within a commutable distance of Washington, DC to work onsite full time.
• Strong understanding of networking concepts, security protocols, and common vulnerabilities.
• Experience with Windows and Linux operating systems.
• Proficiency in scripting languages (Python, PowerShell, or Shell scripting).
• Knowledge of security frameworks (NIST, CIS, ISO 27001).
• Strong analytical and problem-solving skills.
• Technical Skills:
  • Qualys Vulnerability Management
  • Qualys Policy Compliance
  • Qualys Web Application Scanning
  • API integration and automation
  • Database management
  • Network protocols and architecture
  • Operating system security
  • Vulnerability assessment methodologies.
• Excellent written and verbal communication.
• Strong project management capabilities.
• Ability to work independently and as part of a team.
• Good documentation practices.
• Effective stakeholder management.
• Problem-solving mindset.

Preferred Qualifications:

• Security certifications (CISSP, CEH, GIAC, or similar).
• Experience with additional security tools (Nessus, Rapid7, etc.).
• Knowledge of cloud security concepts (AWS, Azure, GCP).
• Experience with configuration management tools.
• Familiarity with container security and web application security.
• Background in system administration or network security.