Senior Qualys Security Engineer

About The Position

Requirements

• 5+ years of hands-on expertise with Qualys.
• Must be able to commute to Beltsville, MD or Washington, DC for full-time onsite work.
• Secret clearance with the ability to obtain a Top Secret clearance is required.
• Proficiency in scripting (Python, PowerShell, or Bash).
• Familiarity with network protocols, OS security (Windows/Linux), and web application vulnerabilities.
• Understanding of compliance standards and frameworks (e.g., NIST 800-53, CIS Controls, ISO 27001.)
• Qualys Vulnerability Management & Policy Compliance.
• Qualys Web Application Scanning.
• Automation using Qualys APIs.
• Network architecture and protocol knowledge.
• Database and OS-level security.
• Vulnerability lifecycle and remediation strategies.
• Excellent written and verbal communication.
• Strong problem-solving and analytical mindset.
• Ability to operate independently or as part of a multi-disciplinary team.
• Solid documentation and reporting practices.
• Experience engaging with cross-functional stakeholders.
• US Citizenship is required.

Nice To Haves

• Professional certifications: CISSP, CEH, GIAC, or equivalent.
• Exposure to other scanning tools (e.g., Tenable, Rapid7).
• Familiarity with public cloud security models (AWS, Azure, GCP).
• Experience with configuration management tools and CI/CD pipelines.
• Background in system administration, network engineering, or DevSecOps.

Responsibilities

• Oversee day-to-day management of the Qualys platform including agents, scanners, and connectors.
• Optimize scan configurations, authentication methods, and template deployments.
• Review and interpret scan results to generate actionable intelligence for technical and non-technical audiences.
• Partner with infrastructure, development, and SOC teams to validate findings and drive remediation efforts.
• Automate tasks using Qualys APIs and custom scripts to support reporting and data integration.
• Maintain an up-to-date asset inventory through discovery and classification workflows.
• Minimize false positives through tuning and validation.
• Conduct policy compliance assessments in support of regulatory frameworks.
• Provide guidance and mentorship to junior analysts in vulnerability management best practices.

Benefits

• Certification incentive program
• PTO
• Floating federal holiday options
• Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs]
• Flex Spending Accounts [FSAs]
• Full Dental Plans
• Vision
• ST/LT Disability
• Life Insurance
• 401k matched