Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Join our growing cyber fusion center team as a Manager, Security Analyst, where you will be responsible for leading a team of security analysts focused on vulnerability management, endpoint protection, and cloud security posture. This role combines technical leadership with hands-on operational responsibility, emphasizing strategic oversight of Qualys solutions, CSPM, and EDR/EPP tools. You will drive key initiatives in automation, compliance, and threat management while mentoring junior staff and engaging with cross-functional teams to strengthen our enterprise security. A key aspect of this role includes leading the initiative to establish and operationalize the Qualys Risk Operations Center (ROC), leveraging the Qualys Enterprise TruRisk (ETM) module to provide a centralized and risk-based view of the organization’s security posture.
Key Responsibilities:
Leadership & Strategic Oversight:
- Lead and mentor a team of security analysts across vulnerability management, CSPM, and endpoint security functions.
- Provide technical leadership and guidance on best practices, security frameworks, and tooling across the cybersecurity domain.
- Collaborate with DevOps, Infrastructure, and Application teams to embed security into operations and development workflows.
- Drive strategic planning for security automation, tool integration, and policy improvements.
Vulnerability Management (Qualys):
- Oversee enterprise-wide deployment, optimization, and governance of Qualys Vulnerability Management and Policy Compliance modules.
- Ensure consistent and complete asset coverage across operating systems, databases, network devices, containers, and web applications.
- Perform vulnerability analysis, prioritize risk-based remediation, and support IT teams in mitigation strategies.
- Implement and manage system hardening policies in alignment with standards such as CIS Benchmarks, DISA STIG, and ISO 27001.
Cloud Security Posture Management (CSPM):
- Lead configuration audits, misconfiguration detection, and remediation across cloud environments (AWS, Azure, GCP).
- Integrate CSPM tooling with CI/CD pipelines and drive cloud governance initiatives across business units.
- Define security baselines and enforce compliance with regulatory frameworks and internal controls.
Endpoint Protection (EDR/EPP):
- Manage deployment and operational oversight of EDR/EPP solutions.
- Respond to endpoint threats, coordinate incident response, and work closely with the SOC for investigation and threat hunting.
- Ensure visibility and protection across all endpoint devices and integrate alerts into SIEM/SOAR platforms.
Automation & Orchestration:
- Design and implement automation workflows for recurring security tasks such as patch validation, asset scanning, and remediation tracking.
- Lead efforts in integrating security tools (Qualys, CSPM, EDR/EPP) with orchestration platforms for real-time monitoring and actioning.
- Optimize operational efficiency by reducing manual interventions and streamlining processes.
Governance, Risk, and Compliance:
- Ensure alignment with industry standards (NIST, ISO 27001, SOC 2) and internal governance policies.
- Drive regular internal audits, risk assessments, and support external compliance reviews.
- Maintain documentation of security configurations, workflows, and standard operating procedures.
Stakeholder Engagement:
- Liaise with product and engineering teams to understand upcoming changes and proactively address security impacts.
- Collaborate with Qualys support and user communities to resolve issues, stay updated on features, and promote knowledge sharing.
- Report regularly to senior leadership on risk posture, vulnerabilities, and improvement metrics.
Qualifications & Skills:
- Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or related field.
- Proficiency in deploying and managing Qualys VMDR and Policy Compliance, CSPM tools, and EDR/EPP platforms (e.g., CrowdStrike, SentinelOne, Defender).
- Proven experience in designing, implementing, and managing vulnerability and endpoint security programs.
- Strong understanding of cloud platforms (AWS, Azure, GCP) and secure DevOps practices.
- Experience in automation using tools such as Ansible, Python, or integration with SOAR.
- Excellent written and verbal communication skills; ability to convey technical risks to non-technical stakeholders.
- Relevant certifications preferred: CISSP, CISM, CEH, OSCP, GCFA, or Qualys Certifications.
Qualys is an Equal Opportunity Employer, please see our
EEO policy
.