Security Analyst

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! We are looking for a Security Analyst to join our Cyber Fusion Center team, focusing on vulnerability management, policy compliance, and security posture management. In this role, you will support the day-to-day execution of security assessments using industry-leading tools including Qualys TruRISK Platform to detect, report, and coordinate remediation of vulnerabilities across Qualys environments. You will also contribute to improving compliance posture through policy enforcement, container and web application security testing, and audit readiness. This role is ideal for professionals passionate about security operations, compliance, and automation—driven to make an impact in a fast-paced, technology-focused environment. Key Responsibilities Vulnerability Management Program Deploy, configure, and maintain Qualys VMDR for continuous vulnerability scanning across on-premises and cloud-based assets. Manage asset groups, tag configurations, scan schedules, and coverage to ensure full visibility of security posture. Analyze scan results, identify high-risk vulnerabilities, and track remediation efforts across IT and engineering teams. Work with application owners and infrastructure teams to prioritize and resolve security issues within SLA. Generate detailed reports and executive summaries to communicate findings and track trends over time. Support integration of vulnerability data into dashboards or ticketing systems for automation and workflow management. Policy Compliance Configure and maintain the Qualys Policy Compliance (PC) module to assess systems against CIS, NIST, and internal benchmarks. Regularly review compliance scan results and coordinate with system administrators to resolve violations. Assist in developing and maintaining custom compliance policies based on organizational and regulatory requirements. Container Security Integrate container scanning tools (e.g., Qualys Container Security) into CI/CD pipelines to identify vulnerabilities in images before deployment. Monitor running containers for misconfigurations, outdated components, or privilege escalation risks. Partner with DevOps and engineering teams to embed container security best practices into the build and release lifecycle. Web Application Scanning Set up and manage Qualys WAS (Web Application Scanning) for internal and external web assets. Identify common vulnerabilities such as SQL injection, XSS, and misconfigurations in custom and third-party applications. Collaborate with application developers to review and resolve reported security issues efficiently. File Integrity Monitoring (FIM) Configure and maintain File Integrity Monitoring solutions to detect unauthorized changes in critical system and application files. Monitor alerts and ensure baselines are accurate, relevant, and maintained in line with system updates. Assist in defining rulesets and thresholds for actionable alerting. Audit & Compliance Support Contribute to internal and external audits by providing accurate reports, remediation evidence, and tool configurations. Ensure vulnerability and compliance-related controls are aligned with regulatory requirements such as ISO 27001, SOC 2, PCI-DSS, and FedRAMP. Maintain clear documentation for security tool configurations, scan schedules, and compliance mappings. Security Operations & Automation Identify opportunities for automation within the vulnerability management lifecycle using scripting or orchestration platforms. Maintain dashboards, reports, and alerting mechanisms to provide continuous visibility into security posture. Collaborate with tool vendors, especially Qualys, to resolve issues, evaluate new features, and apply platform updates. Qualifications & Experience Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field. 2–4 years of hands-on experience in vulnerability management and security ... (truncated, view full listing at source)