Senior Qualys Vulnerability Management Engineer

Looking for Senior Qualys Vulnerability Management Engineer

Location : Greensboro, North Carolina (On-site)

Description

We are seeking aSenior Qualys Vulnerability Management Engineerto join the OT Cybersecurity team. This individual will serve as the organization'sQualys subject matter expert, owning the administration, optimization, and continuous advancement of the tool across operational technology (OT) environments.

The core requirement isdeep, hands-on Qualys expertise. Experience withServiceNow Vulnerability ResponseandOT/ICS environmentsis highly valued but primarily looking for a Qualys expert with acontinuous improvement mindsetwho is eager to grow within the OT cybersecurity domain.

Essential Duties and Responsibilities

Qualys Platform Ownership

• Serve as theprimary Qualys platform owner and subject matter expertfor the OT Cybersecurity program.
• Administer, configure, and optimizeQualys VMDRenvironments including Cloud Agents, scanner appliances, scan profiles, asset grouping, and API-driven automation.
• Experience with Python, PowerShell, or Bash for API-driven automation.
• LeverageTruRisk scoring, EPSS, CISA KEV, and Real-Time Threat Indicatorsfor risk-based vulnerability prioritization.
• Troubleshoot complex scanning issues and continuously evaluate new Qualys features and modules for adoption.

ServiceNow Integration Support

• Support and help optimize theQualys ServiceNow Vulnerability Responseintegration, ensuring accurate data flow, CI matching, and synchronized asset inventory.
• Collaborate with ServiceNow administrators on automated workflows, vulnerability orchestration, and data quality monitoring.

Vulnerability Analysis and Remediation

• Analyze scan results, validate findings, assess exploitability, and determine remediation priorities based on risk and operational impact.
• Partner with OT, IT, engineering, and plant operations teams to coordinate and track remediation efforts.
• Support alignment of vulnerability data across complementary tools includingTaniumandMicrosoft Defender.

Continuous Improvement and Security Posture Advancement

• Proactively identify gaps and inefficienciesin vulnerability management processes and propose measurable improvements.
• Establish and track metricsincluding mean time to detect, mean time to remediate, scan coverage, and TruRisk trends to demonstrate measurable progress.
• Advocate for security improvementsthrough data-driven recommendations to leadership.
• Stay current on emerging threats, Qualys platform updates, and OT cybersecurity trends.

Reporting and Knowledge Sharing

• Build dashboards and reports to communicate vulnerability status, risk posture, and remediation progress to stakeholders.
• Maintain documentation of platform configurations, scan coverage, remediation workflows, and exceptions.
• Support internal and external audits.
• Mentor and train team members on Qualys best practices and vulnerability management workflows.

Requirements

• 3+ years of hands-on Qualys platform experienceincluding VMDR, Cloud Agents, scanner appliances, scan tuning, and API usage.
• Strong understanding of thevulnerability management lifecycle discovery, assessment, prioritization, remediation, validation, and reporting.
• Knowledge ofrisk-based prioritizationusing TruRisk, EPSS, CISA KEV, or similar frameworks.
• Working knowledge of ServiceNowor similar ITSM platforms with the ability to support vulnerability data integrations.
• Demonstrated track record ofdriving continuous improvementin security processes and outcomes.
• Excellent communication skills with the ability to engage effectively across technical teams, leadership, and diverse global stakeholders.
• Strong analytical and problem-solving skills.
• Self-motivated with a proactive mindset andwillingness to learn OT/ICS environments.

Preferred Qualifications

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or related field.
• Experience inOT, manufacturing, or industrial environments.
• Deep experience with theQualys ServiceNow VR integrationincluding ETM, USEM, and VMDR for ITSM 2.0.
• Hands-on experience withTaniumandMicrosoft Defender.
• Familiarity withIEC 62443andNIST Cybersecurity Framework.
• Certifications such asCISSP, CISM, CEH, GICSP, orQualys platform certifications.

Key Competencies -What We Are Looking For

• Qualys Mastery
• You know the platform deeply and can own it independently from day one.
• Continuous Improvement
• You are never satisfied with good enough. You find ways to make things better and measure the results.
• Security-First Thinking
• You evaluate every decision through the lens of reducing risk.
• Ownership
• You take full accountability without waiting to be told what needs to be fixed.
• Curiosity
• You are eager to learn OT/ICS and expand your expertise into new domains.