L2 Security Analyst

• Conduct regular vulnerability assessments using VMDR and other tools across endpoints, servers, networks, and cloud infrastructure.
  
• Perform manual verification and analysis of vulnerability scan results, filter false positives, and prioritize vulnerabilities based on risk.
  
• Carry out configuration reviews of operating systems, databases, network devices, and cloud platforms against security benchmarks (e.g., CIS, NIST).
  
• Support or lead penetration testing exercises (internal/external infrastructure) under the guidance of senior team members or independently.
  
• Coordinate with asset owners, application teams, and infrastructure teams for remediation planning and closure of vulnerabilities.
  
• Maintain documentation of scan results, risk ratings, technical impact, and mitigation steps.
  
• Assist in compliance-driven vulnerability assessments (PCI-DSS, ISO 27001, etc.).
  
• Monitor and manage scan schedules, asset inventory, and scan health in Qualys.
  
• Generate regular VAPT and configuration review reports for stakeholders.

Requirements

• Bachelor's degree in Computer Science, Information Security, or related field.
  
• 2–5 years of hands-on experience in vulnerability scanning using Qualys & CrowdStrike
  
• Knowledge of penetration testing tools and techniques (Burp Suite, Nmap, Metasploit, etc.).
  
• Good understanding of OS (Windows/Linux), networking concepts, firewalls, and web technologies.
  
• Experience with security benchmarks and configuration standards (CIS, NIST).
  
• Familiarity with scripting (Python, Bash, PowerShell) for automation is a plus.
  
• Understanding of CVSS scoring, vulnerability lifecycle, and remediation best practices.
  
• Relevant certifications (e.g., CEH, CompTIA Security+, Qualys certifications) are preferred.