L2 Security Analyst

Job Summary:

We are looking for an experienced L2 Security Analyst with hands-on expertise in Vulnerability Assessment and Penetration Testing (VAPT), configuration reviews, and security scanning using Qualys. The ideal candidate should have a solid understanding of security testing methodologies and the ability to identify, analyze, and report vulnerabilities across IT infrastructure and applications.

Key Responsibilities:

· Conduct regular vulnerability assessments using Qualys VMDR and other tools across endpoints, servers, networks, and cloud infrastructure.

· Perform manual verification and analysis of vulnerability scan results, filter false positives, and prioritize vulnerabilities based on risk.

· Carry out configuration reviews of operating systems, databases, network devices, and cloud platforms against security benchmarks (e.g., CIS, NIST).

· Support or lead penetration testing exercises (internal/external infrastructure) under the guidance of senior team members or independently.

· Coordinate with asset owners, application teams, and infrastructure teams for remediation planning and closure of vulnerabilities.

· Maintain documentation of scan results, risk ratings, technical impact, and mitigation steps.

· Assist in compliance-driven vulnerability assessments (PCI-DSS, ISO 27001, etc.).

· Monitor and manage scan schedules, asset inventory, and scan health in Qualys.

· Generate regular VAPT and configuration review reports for stakeholders.

Required Skills & Qualifications:

· Bachelor's degree in Computer Science, Information Security, or related field.

· 2–5 years of hands-on experience in vulnerability scanning using Qualys & crowdstrike

· Knowledge of penetration testing tools and techniques (Burp Suite, Nmap, Metasploit, etc.).

· Good understanding of OS (Windows/Linux), networking concepts, firewalls, and web technologies.

· Experience with security benchmarks and configuration standards (CIS, NIST).

· Familiarity with scripting (Python, Bash, PowerShell) for automation is a plus.

· Understanding of CVSS scoring, vulnerability lifecycle, and remediation best practices.

· Relevant certifications (e.g., CEH, CompTIA Security+, Qualys certifications) are preferred