Qualys System Administrator – Rockville, MD

About The Position

Requirements

• Hands-on experience administering the Qualys Cloud Platform (VMDR required).
• Strong understanding of vulnerability management concepts, CVEs, CVSS scoring, and remediation workflows.
• Experience managing large-scale scanning environments (enterprise networks, cloud, endpoints).
• Working knowledge of Windows, Linux, networking, and cloud platforms (AWS/Azure).
• Experience with asset inventory, tagging, and data normalization.
• Scripting or automation experience (Python, PowerShell, REST APIs).
• Experience integrating Qualys with ServiceNow (ITSM or GRC).
• Familiarity with NIST SP 800-53, NIST RMF, HIPAA Security Rule, or equivalent frameworks.
• Ability to translate technical vulnerabilities into business and compliance risk.
• Experience supporting audits, assessments, or risk exception processes.

Nice To Haves

• Qualys certifications (VMDR, Policy Compliance, Asset Management)
• Security certifications such as Security+, CEH, CISSP, or CISA

Responsibilities

• Administer and maintain the Qualys Cloud Platform, including (as applicable): o Vulnerability Management (VMDR) o Asset Inventory / Global AssetView
• Configure and manage scanners (internal, passive, and cloud-based).
• Maintain asset tagging strategies aligned with environments (Prod/Non-Prod), system owners, data classifications, and compliance scopes.
• Manage user roles, permissions, and access controls within Qualys.
• Execute scheduled and ad-hoc vulnerability scans across on-prem, cloud, and endpoint environments.
• Validate scan results, reduce false positives, and ensure data accuracy.
• Perform vulnerability triage and risk-based prioritization using CVSS, exploitability, threat intelligence, and business context.
• Support remediation efforts by working with infrastructure, application, and cloud teams to validate fixes and re-scan assets.
• Map Qualys findings to regulatory and control frameworks (e.g., NIST SP 800-53, HIPAA Security Rule, ISO 27001).
• Provide vulnerability and exposure data to support: o Risk register entries o Policy exception requests o Audit and assessment activities
• Generate compliance and executive-level reports for security leadership and governance committees.
• Develop and maintain custom dashboards, reports, and scorecards for operational, management, and executive audiences.
• Leverage Qualys APIs to automate data extraction, integrations, and reporting (e.g., ServiceNow GRC, ticketing, SIEM)
• Support continuous monitoring initiatives by improving scan coverage, frequency, and data quality
• Maintain standard operating procedures (SOPs) and technical documentation for vulnerability management processes.
• Participate in incident response, risk review boards, and security working groups as a subject matter expert.
• Support internal and external audits by providing evidence, scan results, and remediation validation.