Lead Vulnerability Analyst at Qualys - ScoutJobs - The AI-curated global job board
Qualys
Posted 24 days ago

Lead Vulnerability Analyst

Requirements

  • 7+ years vulnerability management or product security experience
  • 3+ years PSIRT or CERT experience
  • Expertise in Linux, container, and web application security
  • Knowledge of C/C++, Java, and SaaS architectures
  • Experience with CVE/CWE analysis and CVSS scoring
  • Experience managing Coordinated Vulnerability Disclosure Programs

Skills

Vulnerability Management, incident response, Product security

About the role

Responsibilities

  • Manage the end-to-end vulnerability lifecycle, including identification, triage, coordination, and disclosure across the Qualys product portfolio
  • Lead major incident response for high-severity and zero-day vulnerabilities, managing cross-functional war rooms
  • Coordinate software incident handling in alignment with ISO/IEC 30111 and ISO/IEC 29147 standards
  • Hunt for CVEs and CWEs affecting components, dependencies, and third-party integrations
  • Author and publish Product Security Advisories (PSAs) in compliance with CSAF VEX format
  • Manage Coordinated Vulnerability Disclosure (CVD) processes and relationships with external researchers and CERTs
  • Enforce security policies and hold engineering teams accountable for patching within defined SLAs
  • Support the maturation of the PSIRT toolchain, including SBOM analysis, SCA, and SAST integration

Requirements

  • 7+ years of experience in vulnerability management, product security, or security engineering
  • 3+ years of experience leading or operating within a PSIRT, CERT, or comparable incident response function
  • Deep technical expertise in Linux, container security, and web application security
  • Strong domain knowledge of C/C++, Java, and SaaS platform architectures
  • Hands-on experience with CVE/CWE analysis, CVSS scoring, and SSVC scoring
  • Proven experience managing or supporting Coordinated Vulnerability Disclosure Programs
  • Excellent written and verbal communication skills for authoring security advisories and communicating risk to executives

Preferred Qualifications

  • Experience in offensive security, red teaming, or penetration testing operations
  • Familiarity with NIST SSDF and various product security frameworks
  • Experience with SCA tools (e.g., Black Duck, Snyk, Trivy) and SBOM generation (SPDX, CycloneDX)
  • Proficiency with data lake architectures and security telemetry pipelines
  • Relevant security certifications such as OSCP, OSCE, GPEN, GXPN, or CSSLP

About the Company

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance, and IT solutions. With more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100, Qualys helps organizations streamline and automate their security and compliance onto a single platform.


Lead Vulnerability Analyst

Qualys · Pune
