Technical Lead - Qualys SME (Qualys Subject Matter Expert)
Happiest Minds Technologies · Bengaluru, Karnataka, India
Happiest Minds Technologies · Bengaluru, Karnataka, India
**Role: Qualys SME** Experience: 7-10 Yrs Share your updated CV to: **dhanunjaya.p.m@happiestminds.com** **Note: Looking for Immediate Joiners (0-15 Days)** **Strong Communication Skills** **Required Skills: (Mandatory)** - Qualys VMDR - Policy Compliance - Asset Management - WAS **Job Description:** **Role Overview** - We are looking for a hands-on **Vulnerability Management & Security Posture Engineer** with strong experience in **Qualys VMDR, Policy Compliance (PC), and Security Configuration Assessment (SCA)**. The role involves end-to-end ownership of asset discovery, scanning, vulnerability analysis, compliance posture evaluation, and remediation lifecycle management with automation. **Key Responsibilities** **1. Asset Discovery & Scan Management** - Perform asset discovery using agent-based and network scanning methods - Configure and manage scan profiles (authenticated scans, port ranges, schedules) - Execute and monitor scans across infrastructure, cloud, and endpoints **2. Vulnerability & Posture Assessment** - Analyze vulnerabilities and misconfigurations (VMDR + Policy Compliance) - Prioritize findings based on **CVSS, exploitability, and business impact** - Evaluate systems against CIS benchmarks and security baselines **3. Remediation & Automation** - Integrate with ITSM tools (e.g., ServiceNow) for ticketing and tracking - Drive remediation lifecycle: open in progress validated closed - Implement **auto-remediation using Qualys CAR / QFlow** - Manage exceptions, risk acceptance, and compensating controls **4. Reporting & Stakeholder Communication** - Generate technical, compliance, and executive reports - Build dashboards for vulnerability trends and compliance posture - Provide remediation guidance and SLA tracking **Must-Have Skills** - Strong hands-on experience with **Qualys VMDR, Policy Compliance (PC), SCA** - Good understanding of **CIS Benchmarks, CVSS, vulnerability lifecycle** - Experience with **scan configuration, asset tagging, and prioritization** - Familiarity with **ITSM integrations (ServiceNow preferred)** - Knowledge of **cloud security posture (AWS/Azure/GCP)** is a plus - Scripting/automation exposure (Python/Shell) preferred **Good to Have** - Experience with **automation workflows (QFlow / SOAR tools)** - Understanding of frameworks: **ISO 27001, NIST, CIS** - Exposure to compliance reporting and audit support **Key Deliverables** - Asset Inventory & Scan Coverage Reports - Vulnerability Prioritization Matrix - Compliance/Posture Assessment Reports - Remediation Tracker & Auto-remediation Logs - Executive Security Scorecards **Preferred candidate profile** - Strong ownership mindset with attention to detail - Ability to work with cross-functional teams (Infra, Cloud, App teams) - Proactive approach to risk reduction and automation