Security Analyst

Overview

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

We are looking for a Security Analyst to join our Cyber Fusion Center team, focusing on vulnerability management, policy compliance, and security posture management. In this role, you will support the day-to-day execution of security assessments using industry-leading tools including Qualys TruRISK Platform to detect, report, and coordinate remediation of vulnerabilities across Qualys environments. You will also contribute to improving compliance posture through policy enforcement, container and web application security testing, and audit readiness.

This role is ideal for professionals passionate about security operations, compliance, and automation—driven to make an impact in a fast-paced, technology-focused environment.

Key Responsibilities

Vulnerability Management Program

• Deploy, configure, and maintain Qualys VMDR for continuous vulnerability scanning across on-premises and cloud-based assets.
• Manage asset groups, tag configurations, scan schedules, and coverage to ensure full visibility of security posture.
• Analyze scan results, identify high-risk vulnerabilities, and track remediation efforts across IT and engineering teams.
• Work with application owners and infrastructure teams to prioritize and resolve security issues within SLA.
• Generate detailed reports and executive summaries to communicate findings and track trends over time.
• Support integration of vulnerability data into dashboards or ticketing systems for automation and workflow management.
  
  
  

Policy Compliance

• Configure and maintain the Qualys Policy Compliance (PC) module to assess systems against CIS, NIST, and internal benchmarks.
• Regularly review compliance scan results and coordinate with system administrators to resolve violations.
• Assist in developing and maintaining custom compliance policies based on organizational and regulatory requirements.
  
  
  

Container Security

• Integrate container scanning tools (e.g., Qualys Container Security) into CI/CD pipelines to identify vulnerabilities in images before deployment.
• Monitor running containers for misconfigurations, outdated components, or privilege escalation risks.
• Partner with DevOps and engineering teams to embed container security best practices into the build and release lifecycle.
  
  
  

Web Application Scanning

• Set up and manage Qualys WAS (Web Application Scanning) for internal and external web assets.
• Identify common vulnerabilities such as SQL injection, XSS, and misconfigurations in custom and third-party applications.
• Collaborate with application developers to review and resolve reported security issues efficiently.
  
  
  

File Integrity Monitoring (FIM)

• Configure and maintain File Integrity Monitoring solutions to detect unauthorized changes in critical system and application files.
• Monitor alerts and ensure baselines are accurate, relevant, and maintained in line with system updates.
• Assist in defining rulesets and thresholds for actionable alerting.
  
  
  

Audit & Compliance Support

• Contribute to internal and external audits by providing accurate reports, remediation evidence, and tool configurations.
• Ensure vulnerability and compliance-related controls are aligned with regulatory requirements such as ISO 27001, SOC 2, PCI-DSS, and FedRAMP.
• Maintain clear documentation for security tool configurations, scan schedules, and compliance mappings.
  
  
  

Security Operations & Automation

• Identify opportunities for automation within the vulnerability management lifecycle using scripting or orchestration platforms.
• Maintain dashboards, reports, and alerting mechanisms to provide continuous visibility into security posture.
• Collaborate with tool vendors, especially Qualys, to resolve issues, evaluate new features, and apply platform updates.
  
  
  

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.
• 2–4 years of hands-on experience in vulnerability management and security operations.
• Strong knowledge of Qualys VMDR, PC, WAS, Container Security, and FIM.
• Solid understanding of security control frameworks (e.g., CIS, NIST, ISO 27001) and compliance requirements.
• Familiarity with cloud environments (AWS, Azure, GCP) and hybrid infrastructure security.
• Proficiency in reading scan results, interpreting risk levels, and advising on remediation strategies.
• Excellent problem-solving skills and attention to detail.
• Strong written and verbal communication for documentation and stakeholder coordination.
• Preferred certifications: Security+, CEH, Qualys Certified Specialist, ISO 27001 Internal Auditor, or similar.
  
  
  

Good to Have

• Experience with automation (e.g., Python, PowerShell, APIs).
• Exposure to security ticketing systems (e.g., ServiceNow, Jira).
• Knowledge of CI/CD security integration and DevSecOps practices.