Vulnerability Engineer/Analyst with Qualys

Rockville, MD, US • Posted 10 hours ago • Updated 9 hours ago
Contract Independent
Contract W2
Contract Corp To Corp
No Travel Required
On-site
Depends on Experience

Job Details

Skills

  • Qualys System Administrator
  • Vulnerability Management (VMDR)
  • Asset Inventory / Global AssetView

Summary

Job Title: Vulnerability Engineer/Analyst with Qualys

Location: Rockville MD

Job Type: Contract / Full Time

Client: Direct Client

 

The client seeks to enhance its enterprise vulnerability and configuration assessment capabilities by procuring the services of a qualified Vulnerability Engineer with demonstrated experience in the administration and operational use of the Qualys platform. This role is critical to supporting the organization's ongoing threat and vulnerability management program and will play a key role in reducing overall risk exposure.

The Qualys System Administrator is responsible for the administration, configuration, and operational management of the Qualys Cloud Platform to support enterprise vulnerability management, compliance, and risk management programs. This role partners closely with Information Security, GRC, Infrastructure, and Application teams to ensure accurate asset discovery, vulnerability identification, risk prioritization, and remediation tracking in alignment with internal policies.

 


Scope of Work

1. Qualys Platform Administration

  • Administer and maintain the Qualys Cloud Platform, including (as applicable):
    • Vulnerability Management (VMDR)
    • Asset Inventory / Global AssetView
  • Configure and manage scanners (internal, passive, and cloud-based)
  • Maintain asset tagging strategies aligned with environments (Prod/Non-Prod), system owners, data classifications, and compliance scopes
  • Manage user roles, permissions, and access controls within Qualys

2. Vulnerability Management Operations

  • Execute scheduled and ad-hoc vulnerability scans across on-prem, cloud, and endpoint environments
  • Validate scan results, reduce false positives, and ensure data accuracy
  • Perform vulnerability triage and risk-based prioritization using CVSS, exploitability, threat intelligence, and business context
  • Support remediation efforts by working with infrastructure, application, and cloud teams to validate fixes and re-scan assets

3. GRC & Compliance Integration

  • Map Qualys findings to regulatory and control frameworks (e.g., NIST SP 800-53, HIPAA Security Rule, ISO 27001)
  • Provide vulnerability and exposure data to support:
    • Risk register entries
    • Policy exception requests
    • Audit and assessment activities
  • Generate compliance and executive-level reports for security leadership and governance stakeholders

4. Automation & Reporting

  • Develop and maintain custom dashboards, reports, and scorecards for operational, management, and executive audiences
  • Leverage Qualys APIs to automate data extraction, integrations, and reporting (e.g., ServiceNow GRC, ticketing, SIEM)
  • Support continuous monitoring initiatives by improving scan coverage, frequency, and data quality
  • Dice Id: 10123978
  • Position Id: 8934515