Dedicated Cybersecurity Professional with over 5 years of hands-on experience in Vulnerability Management and Assessment, with deep expertise in Qualys VMDR. Proven ability to identify, analyze, and remediate vulnerabilities across diverse IT infrastructures, including cloud and on-prem environments. Skilled in risk analysis, prioritization, and stakeholder collaboration to drive timely and effective remediation. Experienced in developing actionable remediation plans, managing patch deployment, and maintaining clear and compliant documentation. Committed to continuous learning and staying up to date with the latest cybersecurity trends, threats, and best practices.
• Responsible for the daily operational work related to vulnerability management. VM-Scan scheduling and monitoring Scan reports, dashboards, and triage.
• Experience in working with vulnerability management or threat intelligence tools such as Qualys Guard, Qualys VMDR, and Nessus. Implement full infra vulnerability lifecycle management, including identification, correlation, assessment, remediation, and reporting.
• Handling production/non-production handover (PHP) changes in audits involving vulnerability remediation, policy compliance, log monitoring, antivirus, and integrity checks along with project management.
• Identifying false positives from the scan results. Respond, troubleshoot, and implement changes related to IVM (Infrastructure Vulnerability Management).
• Preferred experience with compliance regulations,SLAs, KPIs, and supplier governance concepts.
• Interfacing with cyclical patching teams and interlinked control areas to help drive remediation planning and "Path to Green" discussions to ensure vulnerability remediation remains compliant with SLAs.
• Collaborating with the platform teams, who are responsible for the global demise and decommissioning process (of servers and systems), to prioritise time-sensitive decommissions, ensuring these are successfully completed and supported by the relevant vulnerability remediation's.
• Involved in audits (SOC2, PCI DSS), both internal and external, and successfully completed..
• Deployed and configured the Qualys scanner appliances. Identified the assets and scanned them for vulnerabilities, including port scanning and port exclusions.
• Conducted On a monthly basis, governance calls with the client and discusses the current and future patching cycles and remediation. and also progress outstanding items for process review and improvement.
• Participate in incident response activities (using the ServiceNow tool) when needed, supporting the investigation and remediation of security incidents related to vulnerabilities.
• Creating different scan profiles, report profiles, and search lists in the Qualys console. and working on both scheduling the scans and ad-hoc requests.
• Scanning the devices in both authenticated and unauthenticated ways according to the requirements. and using Qualys agents and an IP-based approach to scan the devices as per the requirement.
• Creating different configuration profiles and activation keys for deploying Qualys agents across.
• Currently managing the vulnerability lifecycle across the client assets (more than 3k servers and more than 60k laptops and workstations) for multiple projects.
• Identifying vulnerabilities based on the high severity ratings (Sev 4 and 5) and pushing them for remediation. I made sure of the SLA involved with control operations.
• Followed up with the respective business units on the vulnerability remediation's. Work with vendors and support teams to validate vulnerability migrations and false positives when needed.
• Conducted weekly meetings with the different stakeholder groups and business units to understand the current position with respect to the remediation activities.
• I worked with a risk- and compliance-based approach to remediation of Qualys agent-related issues.
• Prepared the SOP and SOA based on the findings identified and applying the required controls.
• Involved in continuous learning and sharing knowledge for wellbeing of the company.
Vulnerability Assessment - Qualys, Nessus
undefinedCompTIA Security+