Vulnerability Management Specialist
- Full Time
- Gurgaon, India
- @Securejobs posted 6 hours ago
- Posted: February 5, 2025 - Accepting applications
- Salary: ₹2,000,000.00 - ₹3,000,000.00 / Yearly
Job Detail
- Job ID 1068
Job Description
Job Summary:
We are seeking a Subject Matter Expert (SME) in Policy Compliance and Vulnerability Management to lead the design, implementation, and optimization of security configuration assessments using Qualys Policy Compliance (PC) for an MNC. The ideal candidate will have hands-on experience with CIS Benchmarks, security hardening, and technical compliance assessments across multiple platforms, including Windows, Linux, Cloud, and Network devices.
Key Responsibilities:
1. Policy Compliance & Configuration Management:
- Configure and optimize Qualys Policy Compliance (PC) to assess system configurations against CIS Benchmarks, NIST, and other industry standards.
- Develop and maintain technical security configuration baselines for servers, endpoints, databases, cloud environments, and network devices.
- Conduct security configuration assessments, identify deviations, and provide remediation recommendations.
2. Technical Specification Development:
- Create detailed technical specifications for security policies based on CIS Benchmarks, NIST 800-53, ISO 27001, and internal security frameworks.
- Translate regulatory and compliance requirements into technical control implementations.
- Work with engineering and infrastructure teams to develop automated compliance checks.
3. Vulnerability & Risk Management:
- Integrate Policy Compliance results with broader Vulnerability Management programs.
- Perform security gap analysis and provide guidance on risk remediation.
- Work closely with DevOps, IT Operations, and Security teams to implement compliance controls in CI/CD pipelines.
4. Reporting & Documentation:
- Generate customized compliance reports from Qualys PC for audits, risk assessments, and executive leadership.
- Provide detailed compliance dashboards and metrics tracking.
- Maintain documentation for policies, standards, and compliance assessment methodologies.
5. Stakeholder Engagement & Collaboration:
- Work with security teams, auditors, and regulatory bodies to ensure compliance with industry standards.
- Provide training and mentorship on security compliance best practices.
- Collaborate with vendors and tool providers to enhance compliance assessment capabilities.
Required Skills & Qualifications:
✅ 7+ years of experience in IT Security, Policy Compliance, and Vulnerability Management.
✅ Strong expertise in Qualys Policy Compliance (PC) – hands-on experience configuring policies, running scans, and analyzing results.
✅ Deep understanding of CIS Benchmarks, DISA STIGs, NIST, ISO 27001, PCI-DSS, and other compliance frameworks.
✅ Experience developing security baselines and hardening guides for Windows, Linux, Databases, and Cloud environments.
✅ Proficiency in creating technical specifications for security controls.
✅ Knowledge of scripting and automation (PowerShell, Python, Ansible, or similar) to streamline compliance assessments.
✅ Familiarity with cloud security compliance (AWS, Azure, GCP) and native security tools.
✅ Strong analytical, documentation, and reporting skills.
✅ Certifications preferred: CISSP, CISA, CRISC, Qualys Certified Specialist, or relevant CIS Benchmarks certifications.