Qualys System Administrator

In person interview is must.

Our Client seeks to enhance its enterprise vulnerability and configuration assessment capabilities by procuring the services of a qualified Vulnerability Engineer with demonstrated experience in the administration and operational use of the QualysGuard platform. This role is critical to supporting the Countys ongoing threat and vulnerability management program and will play a key role in reducing the organizations risk exposure.

The Qualys System Administrator is responsible for the administration configuration and operational management of the Qualys Cloud Platform to support the organizations enterprise vulnerability management compliance and risk management programs. This role partners closely with Information Security GRC Infrastructure and Application teams to ensure accurate asset discovery vulnerability identification risk prioritization and remediation tracking in alignment with County policies.

Scope of Work:

1. Qualys Platform Administration

• Administer and maintain the Qualys Cloud Platform including (as applicable):
  • Vulnerability Management (VMDR)
  • Asset Inventory / Global AssetView
• Configure and manage scanners (internal passive and cloud-based).
• Maintain asset tagging strategies aligned with environments (Prod/Non-Prod) system owners data classifications and compliance scopes.
• Manage user roles permissions and access controls within Qualys.

2. Vulnerability Management Operations

• Execute scheduled and ad-hoc vulnerability scans across on-prem cloud and endpoint environments.
• Validate scan results reduce false positives and ensure data accuracy.
• Perform vulnerability triage and risk-based prioritization using CVSS exploitability threat intelligence and business context.
• Support remediation efforts by working with infrastructure application and cloud teams to validate fixes and re-scan assets.

3. GRC & Compliance Integration

• Map Qualys findings to regulatory and control frameworks (e.g. NIST SP 800-53 HIPAA Security Rule ISO 27001).
• Provide vulnerability and exposure data to support:
• • Risk register entries
  • Policy exception requests
  • Audit and assessment activities
• Generate compliance and executive-level reports for security leadership and governance committees.

4. Automation & Reporting

• Develop and maintain custom dashboards reports and scorecards for operational management and executive audiences.
• Leverage Qualys APIs to automate data extraction integrations and reporting (e.g. ServiceNow GRC ticketing SIEM)
• Support continuous monitoring initiatives by improving scan coverage frequency and data quality

5. Operational Governance

• Maintain standard operating procedures (SOPs) and technical documentation for vulnerability management processes.
• Participate in incident response risk review boards and security working groups as a subject matter expert.
• Support internal and external audits by providing evidence scan results and remediation validation.

Required Qualifications:

1. Technical Skills

• Hands-on experience administering the Qualys Cloud Platform (VMDR required).
• Strong understanding of vulnerability management concepts CVEs CVSS scoring and remediation workflows.
• Experience managing large-scale scanning environments (enterprise networks cloud endpoints).
• Working knowledge of Windows Linux networking and cloud platforms (AWS/Azure).
• Experience with asset inventory tagging and data normalization.
• Scripting or automation experience (Python PowerShell REST APIs).
• Experience integrating Qualys with ServiceNow (ITSM or GRC).

2. GRC & Risk Knowledge

• Familiarity with NIST SP 800-53 NIST RMF HIPAA Security Rule or equivalent frameworks.
• Ability to translate technical vulnerabilities into business and compliance risk.
• Experience supporting audits assessments or risk exception processes.

Desired Certifications:

• Qualys certifications (VMDR Policy Compliance Asset Management)
• Security certifications such as Security CEH CISSP or CISA