Manager, Security Analyst
Job Description
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Join our growing cyber fusion center team as a Manager, Security Analyst, where you will be responsible for leading a team of security analysts focused on vulnerability management, endpoint protection, and cloud security posture. This role combines technical leadership with hands-on operational responsibility, emphasizing strategic oversight of Qualys solutions, CSPM, and EDR/EPP tools. You will drive key initiatives in automation, compliance, and threat management while mentoring junior staff and engaging with cross-functional teams to strengthen our enterprise security. A key aspect of this role includes leading the initiative to establish and operationalize the Qualys Risk Operations Center (ROC), leveraging the Qualys Enterprise TruRisk (ETM) module to provide a centralized and risk-based view of the organization’s security posture.
Key Responsibilities:
Leadership & Strategic Oversight:
Lead and mentor a team of security analysts across vulnerability management, CSPM, and endpoint security functions.
Provide technical leadership and guidance on best practices, security frameworks, and tooling across the cybersecurity domain.
Collaborate with DevOps, Infrastructure, and Application teams to embed security into operations and development workflows.
Drive strategic planning for security automation, tool integration, and policy improvements.
Vulnerability Management (Qualys):
Oversee enterprise-wide deployment, optimization, and governance of Qualys Vulnerability Management and Policy Compliance modules.
Ensure consistent and complete asset coverage across operating systems, databases, network devices, containers, and web applications.
Perform vulnerability analysis, prioritize risk-based remediation, and support IT teams in mitigation strategies.
Implement and manage system hardening policies in alignment with standards such as CIS Benchmarks, DISA STIG, and ISO 27001.
Cloud Security Posture Management (CSPM):
Lead configuration audits, misconfiguration detection, and remediation across cloud environments (AWS, Azure, GCP).
Integrate CSPM tooling with CI/CD pipelines and drive cloud governance initiatives across business units.
Define security baselines and enforce compliance with regulatory frameworks and internal controls.
Endpoint Protection (EDR/EPP):
Manage deployment and operational oversight of EDR/EPP solutions.
Respond to endpoint threats, coordinate incident response, and work closely with the SOC for investigation and threat hunting.
Ensure visibility and protection across all endpoint devices and integrate alerts into SIEM/SOAR platforms.
Automation & Orchestration:
Design and implement automation workflows for recurring security tasks such as patch validation, asset scanning, and remediation tracking.
Lead efforts in integrating security tools (Qualys, CSPM, EDR/EPP) with orchestration platforms for real-time monitoring and actioning.
Optimize operational efficiency by reducing manual interventions and streamlining processes.
Governance, Risk, and Compliance:
Ensure alignment with industry standards (NIST, ISO 27001, SOC 2) and internal governance policies.
Drive regular internal audits and risk assessments, and support external compliance reviews.
Maintain documentation of security configurations, workflows, and standard operating procedures.
Stakeholder Engagement:
Liaise with product and engineering teams to understand upcoming changes and proactively address security impacts.
Collaborate with Qualys support and user communities to resolve issues, stay updated on features, and promote knowledge sharing.
Report regularly to senior leadership on risk posture, vulnerabilities, and improvement metrics.
Qualifications & Skills:
Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or related field.
Proficiency in deploying and managing Qualys VMDR and Policy Compliance, CSPM tools, and EDR/EPP platforms (e.g., CrowdStrike, SentinelOne, Defender).
Proven experience in designing, implementing, and managing vulnerability and endpoint security programs.
Strong understanding of cloud platforms (AWS, Azure, GCP) and secure DevOps practices.
Experience in automation using tools such as Ansible, Python, or integration with SOAR.
Excellent written and verbal communication skills; ability to convey technical risks to non-technical stakeholders.
Relevant certifications preferred: CISSP, CISM, CEH, OSCP, GCFA, or Qualys Certifications.
Qualys is an Equal Opportunity Employer; please see our EEO policy.
Company Information
Location: Foster City, CA
Type: Hybrid