Senior Qualys Vulnerability Management Engineer

We are seeking a Senior Qualys Vulnerability Management Engineer to join the OT Cybersecurity team. This individual will serve as the organization's Qualys subject matter expert, owning the administration, optimization, and continuous advancement of the tool across operational technology (OT) environments.

The core requirement is deep, hands-on Qualys expertise. Experience with ServiceNow Vulnerability Response and OT/ICS environments is highly valued but primarily looking for a Qualys expert with a continuous improvement mindset who is eager to grow within the OT cybersecurity domain.

Essential Duties and Responsibilities

Qualys Platform Ownership

• Serve as the primary Qualys platform owner and subject matter expert for the OT Cybersecurity program.
• Administer, configure, and optimize Qualys VMDR environments including Cloud Agents, scanner appliances, scan profiles, asset grouping, and API-driven automation.
• Experience with Python, PowerShell, or Bash for API-driven automation.
• Leverage TruRisk scoring, EPSS, CISA KEV, and Real-Time Threat Indicators for risk-based vulnerability prioritization.
• Troubleshoot complex scanning issues and continuously evaluate new Qualys features and modules for adoption.

ServiceNow Integration Support

• Support and help optimize the Qualys–ServiceNow Vulnerability Response integration, ensuring accurate data flow, CI matching, and synchronized asset inventory.
• Collaborate with ServiceNow administrators on automated workflows, vulnerability orchestration, and data quality monitoring.

Vulnerability Analysis and Remediation

• Analyze scan results, validate findings, assess exploitability, and determine remediation priorities based on risk and operational impact.
• Partner with OT, IT, engineering, and plant operations teams to coordinate and track remediation efforts.
• Support alignment of vulnerability data across complementary tools including Tanium and Microsoft Defender.

Continuous Improvement and Security Posture Advancement

• Proactively identify gaps and inefficiencies in vulnerability management processes and propose measurable improvements.
• Establish and track metrics including mean time to detect, mean time to remediate, scan coverage, and TruRisk trends to demonstrate measurable progress.
• Advocate for security improvements through data-driven recommendations to leadership.
• Stay current on emerging threats, Qualys platform updates, and OT cybersecurity trends.

Reporting and Knowledge Sharing

• Build dashboards and reports to communicate vulnerability status, risk posture, and remediation progress to stakeholders.
• Maintain documentation of platform configurations, scan coverage, remediation workflows, and exceptions.
• Support internal and external audits.
• Mentor and train team members on Qualys best practices and vulnerability management workflows.

Requirements

• 3+ years of hands-on Qualys platform experience including VMDR, Cloud Agents, scanner appliances, scan tuning, and API usage.
• Strong understanding of the vulnerability management lifecycle — discovery, assessment, prioritization, remediation, validation, and reporting.
• Knowledge of risk-based prioritization using TruRisk, EPSS, CISA KEV, or similar frameworks.
• Working knowledge of ServiceNow or similar ITSM platforms with the ability to support vulnerability data integrations.
• Demonstrated track record of driving continuous improvement in security processes and outcomes.
• Excellent communication skills with the ability to engage effectively across technical teams, leadership, and diverse global stakeholders.
• Strong analytical and problem-solving skills.
• Self-motivated with a proactive mindset and willingness to learn OT/ICS environments.

Preferred Qualifications

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or related field.
• Experience in OT, manufacturing, or industrial environments.
• Deep experience with the Qualys–ServiceNow VR integration including ETM, USEM, and VMDR for ITSM 2.0.
• Hands-on experience with Tanium and Microsoft Defender.
• Familiarity with IEC 62443 and NIST Cybersecurity Framework.
• Certifications such as CISSP, CISM, CEH, GICSP, or Qualys platform certifications.

Key Competencies -What We Are Looking For

• Qualys Mastery
  • You know the platform deeply and can own it independently from day one.
• Continuous Improvement
  • You are never satisfied with good enough. You find ways to make things better and measure the results.
• Security-First Thinking
  • You evaluate every decision through the lens of reducing risk.
• Ownership
  • You take full accountability without waiting to be told what needs to be fixed.
• Curiosity
  • You are eager to learn OT/ICS and expand your expertise into new domains.