Track Manager - Qualys

Job Summary

The Vulnerability Management Analyst is responsible for managing the end‑to‑end vulnerability lifecycle across enterprise environments using Qualys VMDR and External Attack Surface Management (EASM). The role focuses on identifying, prioritizing, and driving remediation of vulnerabilities across on‑premise, cloud, and internet‑facing assets, while ensuring compliance with defined SLAs and governance standards.\r\n This position plays a critical role in external attack surface visibility, discovering unknown or unmanaged internet‑exposed assets, tracking ownership, and identifying exposure risks such as open ports, misconfigurations, expired certificates, and typo‑squatted domains. The analyst works closely with infrastructure, cloud, application, and business teams to assign accountability, validate remediation, manage exceptions, and reduce overall exposure risk.\r\n The role also produces clear technical and executive‑level reports, communicates security risks effectively to stakeholders, and supports continuous attack surface reduction and vulnerability governance initiatives. Strong hands‑on expertise in Qualys VMDR, EASM, vulnerability prioritization, and stakeholder coordination is essential for success in this client‑facing, security‑critical role.

Key Responsibilities

Manage end-to-end vulnerability lifecycle using Qualys VMDR\r\n• Configure and execute authenticated/unauthenticated scans across on‑prem, cloud, and external assets\r\n• Prioritize vulnerabilities using risk-based scoring (Tru Risk/CVSS/exploitability)\r\n• Coordinate remediation with infrastructure, cloud, and application teams\r\n• Validate fixes, manage exceptions, and ensure SLA adherence\r\n• Produce clear technical and executive-level reports\r\n• Operate Qualys EASM to discover and track internet-facing/unknown assets\r\n• Configure and maintain authorized domains, sub‑domains, and IP ranges in Qualys EASM to ensure accurate external attack surface discovery\r\n• Identify misconfigurations such as open ports, expired certificates, typo squatted domain and exposed services\r\n• Track asset ownership and work with business/IT teams to assign accountability for external assets\r\n• Ensure adherence to defined remediation SLAs and governance requirements for external exposure risks\r\n• Support attack surface reduction initiatives through remediation tracking and exposure trend analysis\r\n

Skill Requirements

Must have strong knowledge of External Attack Surface Management, how to track down ownership for EASM finding and ensure closure.\r\n• Strong hands-on experience with:\r\no Qualys VMDR (asset inventory, scanning, prioritization, reporting)\r\no Authenticated scan troubleshooting and false-positive analysis\r\n• Solid understanding of vulnerability governance, remediation tracking, and metrics\r\n• Experience with ITSM tools (e.g., Service Now)\r\n• Ability to communicate security risks to technical and business stakeholders\r\n Good to Have\r\n• Qualys certifications\r\n• Exposure to threat intelligence feeds\r\n

Other Requirements

Soft Skills\r\n• Shall have good verbal/written communication skills\r\n• Good problem-solving capability, team player, good communication and documentation skills.\r\n• Should have client facing technical analysis report representation skill\r\n