Qualys

Senior Vulnerability Analyst

Pune, India FULL TIME
The Brief

“Senior Vulnerability Analyst at Qualys. Skills: Vulnerability Analysis, Product Security, Incident Response, Code-level assessment. Perform technical analysis of vulnerabilities. Triage vulnerability reports”

What You'll Achieve.

timely remediation; accurate status records for every open vulnerability; fix timelines; SLA conformance reports; delinquency summaries; technical accuracy, completeness, and consistency; verify fix effectiveness; confirm exploitability status; disclosure timelines; vulnerability posture; remediation velocity; trend data

Industry & Context.

Problems you'll solve

root-cause investigation; exploitability assessment; impact determination; accurate classification and priority assignment; assess the effectiveness of proposed fixes; technical depth during war-room triage; identify known and emerging vulnerabilities; proactively identify exposure; investigate vulnerability trends; systemic weakness surface findings; determination of Affected Status; technical justifications; compensating controls; residual risk

What They're Looking For.

Must Have

5+ years of experience in vulnerability analysis, product security, application security, or security engineering; 2+ years of experience operating within a PSIRT, CERT, or comparable vulnerability coordination function; written and verbal communication skills and attention to detail in technical documentation; technical skills in vulnerability analysis, including root-cause investigation, exploitability assessment, and CVSS/SSVC scoring; Demonstrated proficiency in operating system security (Linux), container security, and web application security; Working knowledge of C/C++, Java, and SaaS platform architectures sufficient to perform code-level vulnerability assessment; Hands-on experience with CVE/CWE analysis workflows, vulnerability databases, and threat intelligence sources; Experience drafting security advisories or technical vulnerability write-ups for external audiences

Nice to Have

Experience with offensive security techniques, penetration testing, or red team operations; Familiarity with vulnerability handling standards and best practices; Hands-on experience with SCA tools (e.g., Black Duck, Snyk, Trivy), SAST platforms, and SBOM tooling (SPDX, CycloneDX); Familiarity with NIST SSDF, Coordinated Vulnerability Disclosure frameworks, and product security lifecycle models; Experience building detection rules, alerting logic, or security automation in scripting languages such as Python or Go; Exposure to data lake architectures, security telemetry pipelines, or vulnerability analytics platforms; Active participation in the security community through CTFs, research publications, conference presentations, or open-source contributions; Relevant certifications such as OSCP, GPEN, GWAPT, CSSLP, or equivalent

What You'll Do.

Perform technical analysis of vulnerabilities

Triage vulnerability reports

Analyze source code for findings

Support incident response efforts

Build and maintain alerting rules

Hunt for CVEs and CWEs

Monitor vulnerability databases

Investigate vulnerability trends

Track engineering remediation efforts

Coordinate Affected Status determination

Review security exception requests

Draft customer-facing Advisories

Coordinate Coordinated Vulnerability Disclosure

Develop and enhance PSIRT tooling

Maintain PSIRT runbooks

Build and refine dashboards

How You'll Work.

Team & Collaboration

Work across the full vulnerability lifecycle; Drive engineering teams toward timely remediation; Coordinate with counterparts in Security Operations; Work directly with product engineering owners; Collaborate with security testing teams; Manage researcher communications; Collaborate with a leadership team

Communication Scope

written and verbal communication skills; technical documentation; customer-facing Product Security Advisories (PSAs); researcher communications; executive communications

Full Job Description

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

**About the Role**

Qualys is seeking a Senior Vulnerability Analyst to join the Product Security Incident Response Team (PSIRT) as a hands-on technical practitioner. Reporting to the Lead Vulnerability Analyst, you will execute the day-to-day work of vulnerability discovery, triage, analysis, and remediation tracking across a product portfolio of more than 35 products. Where the Lead owns program-level strategy, cross-functional accountability, and executive communications, this role is responsible for the depth and rigor of the technical analysis that underpins every PSIRT decision.

This is an individual contributor role for a mid-career security professional who thrives in the details: reviewing source code to assess exploitability, writing precise advisories, building detection logic, and driving engineering teams toward timely remediation. You will work across the full vulnerability lifecycle, from initial intake through coordinated disclosure, and contribute directly to the tools, automation, and processes that make the PSIRT function scale.

**Key Responsibilities**

**Vulnerability Analysis & Triage**

* Perform deep technical analysis of reported vulnerabilities, including root-cause investigation, exploitability assessment, CVSS and SSVC scoring, and impact determination across affected products.
* Triage incoming vulnerability reports from internal scanners, SCA tooling, external researchers, and coordinated disclosure channels, ensuring accurate classification and priority assignment.
* Analyze source code in C/C++, Java, and web application frameworks to validate vulnerability findings and assess the effectiveness of proposed fixes.
* Support major incident response efforts led by the Lead Vulnerability Analyst, providing technical depth during war-room triage of high-severity and zero-day vulnerabilities.

**Detection, Monitoring & Threat Hun

How to Apply on Workday

  • Workday has a multi-step form — save your progress after every section.
  • "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
  • Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
  • Job requisition numbers are useful when following up with HR by email.
