Job Description :Job Summary:We are looking for an experienced L2 Security Analyst with hands-on expertise in Vulnerability Assessment and Penetration Testing (VAPT), configuration reviews, and security scanning using Qualys. The ideal candidate should have a solid understanding of security testing methodologies and the ability to identify, analyze, and report vulnerabilities across IT infrastructure and applications.Key Responsibilities:· Conduct regular vulnerability assessments using Qualys VMDR and other tools across endpoints, servers, networks, and cloud infrastructure.· Perform manual verification and analysis of vulnerability scan results, filter false positives, and prioritize vulnerabilities based on risk.· Carry out configuration reviews of operating systems, databases, network devices, and cloud platforms against security benchmarks (e.g., CIS, NIST).· Support or lead penetration testing exercises (internal/external infrastructure) under the guidance of senior team members or independently.· Coordinate with asset owners, application teams, and infrastructure teams for remediation planning and closure of vulnerabilities.· Maintain documentation of scan results, risk ratings, technical impact, and mitigation steps.· Assist in compliance-driven vulnerability assessments (PCI-DSS, ISO 27001, etc.).· Monitor and manage scan schedules, asset inventory, and scan health in Qualys.· Generate regular VAPT and configuration review reports for stakeholders.RequirementsRequired Skills & Qualifications:· Bachelor's degree in Computer Science, Information Security, or related field.· 2–5 years of hands-on experience in vulnerability scanning using Qualys & crowdstrike· Knowledge of penetration testing tools and techniques (Burp Suite, Nmap, Metasploit, etc.).· Good understanding of OS (Windows/Linux), networking concepts, firewalls, and web technologies.· Experience with security benchmarks and configuration standards (CIS, NIST).· Familiarity with scripting (Python, Bash, PowerShell) for automation is a plus.· Understanding of CVSS scoring, vulnerability lifecycle, and remediation best practices.· Relevant certifications (e.g., CEH, CompTIA Security+, Qualys certifications) are preferred
