Cyber Security Engineer (vulnerability management )

Cyber Security Engineer (vulnerability management )

Founded in 1999 in Vienna, the Qualysoft Group is a manufacturer-independent IT consulting and services company, which successfully provides support for its international customers with the aim of boosting their competitiveness and economic efficiency through innovative IT solutions.

Its focus is on financial services providers, telecommunications companies, the automotive industry and energy service providers. Over 400 employees in 6 subsidiaries work together to ensure state of the art solutions for our clients.

We are looking for new colleagues in Qualysoft teams for diverse projects providing continuous learning opportunities. Our common goal is to provide honesty, development and a stable background while getting to know the latest technologies. We are waiting for your application for the position below!

Responsibilities:

• Operate and optimize Qualys as the primary vulnerability scanning platform.
• Ensure full asset coverage across on-prem, cloud, and containerized environments.
• Validate scan results, reduce false positives, and maintain asset classification.
• Integrate CrowdStrike EDR signals to enrich vulnerability context.
• Apply CVSS, KEV and business impact analysis to prioritize vulnerabilities.
• Collaborate with threat intelligence to correlate vulnerabilities with active threats.
• Maintain a risk matrix and ensure alignment with current threat landscape.
• Escalate critical risks to governance forums and senior stakeholders.
• Define and enforce SLAs based on risk tiers.
• Coordinate remediation efforts with external IT service providers.
• Track and report remediation progress, exceptions, and delays.
• Ensure secure configuration and patching practices are followed.
• Develop and maintain vulnerability management policies and standards.
• Support internal and external audits with evidence and reporting.
• Participate in cyber risk governance and compliance reviews.
• Own the lifecycle of VM tooling (Qualys, integrations with SIEM, CMDB, ITSM).
• Drive automation of scanning, ticketing, and reporting workflows.
• Evaluate new technologies to improve coverage and efficiency.
• Define and maintain KPIs (e.g., MTTR, exposure window, SLA compliance).
• Produce dashboards and executive-level reports.
• Support continuous improvement through trend analysis and lessons learned.

Requirements:

• 5-8 years in cybersecurity, including vulnerability management leadership.
• Experience in managing enterprise VM programs and working with external IT providers.
• The successful candidate will have hands on experience in working in VM  Security Engineer role.
• They will have a track record of formal knowledge in cyber security field.
• Knowledge of Qualys, SIEM, EDR, forensic tools, and threat hunting frameworks.
• Familiarity with MITRE ATT&CK, NIST, and other industry standards.
• Excellent communication skills.
• Deep understanding of vulnerability lifecycle and risk-based prioritization.
• Openness to working with diverse technologies and tooling to provide robust Security Incident Management capability.
• Understanding of cybersecurity monitoring, detection and response, with the ability to forensically analyse, propose remediations and produce root-cause analysis reports.
• Ability to develop strong positive working relationships with teams across different business units and ensure collaboration is a priority.
• Strong communication and stakeholder management skills.
• Personal resilience and self-awareness.

Why we think you will love working here:

With us you count as a person, our doors are always open.

We live the Qualysoft Team Spirit and stand for transparency!

Fresh wind and new ideas are welcome, because standstill is a foreign word at Qualysoft.