Cubical Operations
Website:
cubicaloperations.com
Job details:
Job Title: Qualys-VMDR
Location: Bangalore
Experience: 10 Years
Employment Type: Full-Time
Role Overview
We are seeking a hands-on Vulnerability Management & Security Posture Engineer with deep expertise in Qualys VMDR, Policy Compliance (PC), and Security Configuration Assessment (SCA). This role involves end-to-end ownership of vulnerability management, including asset discovery, scanning, posture assessment, and remediation lifecycle, with a strong focus on automation and continuous improvement.
Key Responsibilities
1. Asset Discovery & Scan Management
- Perform asset discovery using agent-based and network scanning techniques
- Configure and manage scan profiles (authenticated scans, port ranges, scheduling)
- Execute and monitor scans across on-prem, cloud, and endpoint environments
2. Vulnerability & Posture Assessment
- Analyze vulnerabilities and misconfigurations using VMDR and Policy Compliance
- Prioritize findings based on CVSS, exploitability, and business impact
- Assess systems against CIS benchmarks and organizational security baselines
3. Remediation & Automation
- Integrate vulnerability findings with ITSM tools (e.g., ServiceNow) for tracking
- Drive the remediation lifecycle: Open → In Progress → Validated → Closed
- Implement automation using Qualys CAR / QFlow where applicable
- Manage exceptions, risk acceptance, and compensating controls
4. Reporting & Stakeholder Communication
- Generate technical, compliance, and executive-level reports
- Build dashboards to track vulnerability trends and posture improvements
- Provide actionable remediation guidance and track SLA adherence
Must-Have Skills
- Strong hands-on experience with Qualys VMDR, Policy Compliance (PC), and SCA
- Solid understanding of CIS Benchmarks, CVSS scoring, and vulnerability lifecycle
- Experience with scan configuration, asset tagging, and risk prioritization
- Familiarity with ITSM integrations (ServiceNow preferred)
- Exposure to scripting/automation (Python, Shell)
Good to Have
- Experience with automation workflows (QFlow, SOAR tools)
- Knowledge of security frameworks: ISO 27001, NIST, CIS
- Exposure to compliance reporting and audit support
- Cloud security posture experience (AWS, Azure, GCP)
Key Deliverables
- Asset Inventory & Scan Coverage Reports
- Vulnerability Prioritization Matrix
- Compliance & Security Posture Assessment Reports
- Remediation Tracker & Automation Logs
- Executive Security Scorecards
What We’re Looking For
- Strong ownership mindset with attention to detail
- Ability to collaborate with cross-functional teams (Infrastructure, Cloud, Application teams)
- Proactive approach toward risk reduction, automation, and continuous improvement.
Click on Apply to know more.