Qualys

LeadVulnerabilityAnalyst

Pune, India FULL TIME

Market Sentiment

HIGH DEMAND

Neural analysis suggests this role is
optimal for Lead candidates.

The Brief

“Lead Vulnerability Analyst at Qualys. Skills: Vulnerability analysis, Incident response, Coordinated Vulnerability Disclosure, Security leadership. Assess and triage vulnerabilities. Coordinate software incident handling”

What You'll Achieve.

Ensuring that Qualys products maintain the highest security posture for our global customer base; Drive accountability; Accelerate remediation; Continuously mature the PSIRT function; Increase response speed, consistency, customer communications, stakeholder management, and audit-readiness; Provide leadership visibility into vulnerability posture and remediation trends

Industry & Context.

Problems you'll solve

Judgment to navigate complex vulnerability scenarios under pressure; Assess vulnerability impact at the code level; Identify recurring vulnerability trends and systemic weaknesses

What They're Looking For.

Must Have

7+ years of experience in vulnerability management, product security, application security, or security engineering, 3+ years of experience leading or operating within a PSIRT, CERT, or comparable incident response function, Demonstrated leadership in major incident handling, escalation management, and cross-functional coordination under time pressure, Deep technical expertise in operating system security (Linux), container security, client-side product security, and web application security, domain knowledge of C/C++, Java, and SaaS platform architectures, with the ability to assess vulnerability impact at the code level, Hands-on experience with CVE/CWE analysis, CVSS scoring, SSVC scoring, Expertise managing, leading, or materially supporting Coordinated Vulnerability Disclosure Programs, written and verbal communications skills, experience authoring customer-facing security advisories and communicating technical risk to executive and non-technical audiences

Nice to Have

Previous experience leading or contributing to offensive security, red teaming, or penetration testing operations, Familiarity with NIST SSDF, Coordinated Vulnerability Disclosure, and product security framewroks, Experience with SCA tools (e. g. , Black Duck, Snyk, Trivy), SAST platforms, and SBOM generation tooling (SPDX, CycloneDX), Hands-on expertise in C/C++, Java, and SaaS platform architectures, Proficiency with data lake architectures, security telemetry pipelines, and vulnerability analytics platforms, Active participation in the broader security community through research publications, conference presentations, or open-source contributions, Relevant certifications such as OSCP, OSCE, GPEN, GXPN, CSSLP, or equivalent

What You'll Do.

Assess and triage vulnerabilities

Coordinate software incident handling

Lead major incident response

Instrument and operate alerting systems

Hunt for CVEs and CWEs

Enable and manage escalation workflows

Review and enforce security policies

Coordinate determination of Affected Status

Assess engineering requests for security exceptions

Hold Product and Engineering teams accountable

and publish Product Security Advisories

Run the Coordinated Vulnerability Disclosure process

Coordinate security testing and validation

Support the development and maturation of PSIRT toolchain

Continuously improve PSIRT runbooks

Contribute to the design and operationalization of metrics

How You'll Work.

Team & Collaboration

Work closely with Engineering, Product Management, and Security leadership; Coordinate software incident handling across Engineering, Product, and Security teams; Manage cross-functional war rooms; Manage relationships with external researchers, CERTs, and industry partners

Communication Scope

Executive communication skills; Written and verbal communications skills; Authoring customer-facing security advisories; Communicating technical risk to executive and non-technical audiences; Customer communications; Stakeholder management

Process & Methodology

Cross-functional program management, Incident handling, Escalation management, Coordination under time pressure, Coordinated Vulnerability Disclosure Programs

Full Job Description

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! **About the Role** Qualys is seeking a Lead Vulnerability Analyst to serve as a senior technical leader within the Product Security Incident Response Team (PSIRT). This individual will own the end-to-end lifecycle of vulnerability identification, triage, coordination, and disclosure across the Qualys product portfolio. You will operate at the intersection of security engineering, incident response, and cross-functional program management, ensuring that Qualys products maintain the highest security posture for our global customer base. This is a high-visibility role requiring deep technical expertise, collaboration, executive communication skills, and the judgment to navigate complex vulnerability scenarios under pressure. You will work closely with Engineering, Product Management, and Security leadership to drive accountability, accelerate remediation, and continuously mature the PSIRT function. This is a role for a mid-career professional that operates like an owner. **Key Responsibilities** **Vulnerability Assessment & Incident Coordination** * Assess and triage vulnerabilities reported through internal discovery, external researchers, and automated tooling across the Qualys product portfolio of more than 35 products. * Coordinate software incident handling across Engineering, Product, and Security teams in alignment with ISO/IEC 30111 and ISO/IEC 29147 standards. * Lead major incident response for high-severity and zero-day vulnerabilities, managing cross-functional war rooms through resolution. **Detection, Alerting & Trend Analysis** * Instrument and operate alerting systems to detect production vulnerabilities in shipped products and services. * Hunt for CVEs and CWEs affecting Qualys components, dependencies, and third-party integrations; identify recurring vulnerability trends and systemic weaknesses. * Enable and manage escalation workflows,

Free ATS check

Applying for this Lead Vulnerability Analyst role?

Most applicants get filtered before a human reads their resume. See if yours makes the cut.

Should you apply? AI reads your resume vs this job — match score, gaps to address, ATS keywords.

SKILL SIGNAL 64 detected · ranked by frequency

Incident response ×3

Coordinated Vulnerability Disclosure ×3

Vulnerability identification ×3

Triage ×3

Coordination ×3

Disclosure ×3

Incident handling ×3

Detection ×3

Alerting ×3

Trend analysis ×3

Escalation workflows ×3

Policy review ×3

Compliance ×3

SLA tracking ×3

Remediation tracking ×3

Advisory authoring ×3

Toolchain development ×3

Process improvement ×3

Runbook development ×3

SOP development ×3

Playbook development ×3

Customer communication ×3

Stakeholder management ×3

Audit-readiness ×3

SBOM analysis ×3

SCA ×3

SAST integration ×3

Container security ×3

Vulnerability data lake infrastructure ×3

Vulnerability analysis ×2

Security leadership ×2

Linux

Role Details

Seniority mid

Experience 7–15 yrs

Level Lead

Work Mode No

Type FULL TIME

AI-Extracted Insights

Domain Areas

operating-system-security-linuxcontainer-securityclient-side-product-securityweb-application-securityc-cjavasaas-platform-architecturesnist-ssdf

Certifications

OSCPOSCEGPENGXPNCSSLP

How to Apply on Workday

Workday has a multi-step form — save your progress after every section.
"Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
Job requisition numbers are useful when following up with HR by email.

ANONYMOUS · UNFILTERED

What do employees actually say about Qualys?

Real rants from real employees. Read before you apply.

Read Company Rants →