Posted today
Secret
Mid Level Career (5+ yrs experience)
Unspecified
No Traveling
IT - Security
Beltsville, MD (On-Site/Office)•Washington, DC (On-Site/Office)
SkyePoint Decisions is seeking an experienced Sr. Qualys Security Engineer to support our customer's enterprise vulnerability management initiatives. This role involves maintaining and optimizing Qualys toolsets, performing vulnerability assessments, and working collaboratively across technical teams to strengthen organizational cybersecurity posture.
This position is based on-site at either the Washington, DC or Beltsville, MD office, with occasional travel between the two locations.
What you’ll do:
Oversee day-to-day management of the Qualys platform including agents, scanners, and connectors.
Optimize scan configurations, authentication methods, and template deployments.
Review and interpret scan results to generate actionable intelligence for technical and non-technical audiences.
Partner with infrastructure, development, and SOC teams to validate findings and drive remediation efforts.
Automate tasks using Qualys APIs and custom scripts to support reporting and data integration.
Maintain an up-to-date asset inventory through discovery and classification workflows.
Minimize false positives through tuning and validation.
Conduct policy compliance assessments in support of regulatory frameworks.
Provide guidance and mentorship to junior analysts in vulnerability management best practices.
Required Qualifications
5+ years of hands-on expertise with Qualys.
Must be able to commute to Beltsville, MD or Washington, DC for full-time onsite work.
Secret clearance with the ability to obtain a Top Secret clearance is required.
Proficiency in scripting (Python, PowerShell, or Bash).
Familiarity with network protocols, OS security (Windows/Linux), and web application vulnerabilities.
Understanding of compliance standards and frameworks (e.g., NIST 800-53, CIS Controls, ISO 27001.)
Qualys Vulnerability Management & Policy Compliance.
Qualys Web Application Scanning.
Automation using Qualys APIs.
Network architecture and protocol knowledge.
Database and OS-level security.
Vulnerability lifecycle and remediation strategies.
Excellent written and verbal communication.
Strong problem-solving and analytical mindset.
Ability to operate independently or as part of a multi-disciplinary team.
Solid documentation and reporting practices.
Experience engaging with cross-functional stakeholders.
US Citizenship is required.
Preferred Qualifications
Professional certifications: CISSP, CEH, GIAC, or equivalent.
Exposure to other scanning tools (e.g., Tenable, Rapid7).
Familiarity with public cloud security models (AWS, Azure, GCP).
Experience with configuration management tools and CI/CD pipelines.
Background in system administration, network engineering, or DevSecOps.
This position is based on-site at either the Washington, DC or Beltsville, MD office, with occasional travel between the two locations.
What you’ll do:
Oversee day-to-day management of the Qualys platform including agents, scanners, and connectors.
Optimize scan configurations, authentication methods, and template deployments.
Review and interpret scan results to generate actionable intelligence for technical and non-technical audiences.
Partner with infrastructure, development, and SOC teams to validate findings and drive remediation efforts.
Automate tasks using Qualys APIs and custom scripts to support reporting and data integration.
Maintain an up-to-date asset inventory through discovery and classification workflows.
Minimize false positives through tuning and validation.
Conduct policy compliance assessments in support of regulatory frameworks.
Provide guidance and mentorship to junior analysts in vulnerability management best practices.
Required Qualifications
5+ years of hands-on expertise with Qualys.
Must be able to commute to Beltsville, MD or Washington, DC for full-time onsite work.
Secret clearance with the ability to obtain a Top Secret clearance is required.
Proficiency in scripting (Python, PowerShell, or Bash).
Familiarity with network protocols, OS security (Windows/Linux), and web application vulnerabilities.
Understanding of compliance standards and frameworks (e.g., NIST 800-53, CIS Controls, ISO 27001.)
Qualys Vulnerability Management & Policy Compliance.
Qualys Web Application Scanning.
Automation using Qualys APIs.
Network architecture and protocol knowledge.
Database and OS-level security.
Vulnerability lifecycle and remediation strategies.
Excellent written and verbal communication.
Strong problem-solving and analytical mindset.
Ability to operate independently or as part of a multi-disciplinary team.
Solid documentation and reporting practices.
Experience engaging with cross-functional stakeholders.
US Citizenship is required.
Preferred Qualifications
Professional certifications: CISSP, CEH, GIAC, or equivalent.
Exposure to other scanning tools (e.g., Tenable, Rapid7).
Familiarity with public cloud security models (AWS, Azure, GCP).
Experience with configuration management tools and CI/CD pipelines.
Background in system administration, network engineering, or DevSecOps.
group id: 10370519
