Job Description

:
About the Role
We are seeking a highly skilled Vulnerability Management Specialist with hands-on experience in Qualys, secure configuration scanning, policy compliance scanning, and exposure to other vulnerability management tools and integrations. The ideal candidate will also have experience remediating vulnerabilities reported from Wiz and other cloud security platforms.
Key Responsibilities
Manage and maintain the enterprise vulnerability management program, ensuring timely identification and remediation of vulnerabilities across on-prem, cloud, and hybrid environments.
Perform vulnerability scans, secure configuration scans, and policy compliance scans using Qualys and other tools.
Analyze and remediate vulnerabilities reported from Wiz and other cloud security posture management (CSPM) solutions.
Integrate vulnerability management solutions with SIEM, ITSM, and patch management systems to streamline workflows.
Collaborate with IT, DevOps, and application teams to prioritize and remediate vulnerabilities based on risk and compliance requirements.
Develop and maintain dashboards, metrics, and reports for leadership and regulatory audits.
Stay current with emerging threats, vulnerabilities, and security best practices.
Support compliance initiatives (e.g., PCI-DSS, ISO 27001, SOC 2) by providing vulnerability and configuration compliance data.
Skills:
Required Qualifications
2+ years of experience in vulnerability management or related security roles.
Hands-on experience with Qualys (vulnerability scanning, secure configuration, and policy compliance modules).
Familiarity with Wiz or similar CSPM tools for cloud vulnerability and misconfiguration management.
Exposure to other vulnerability management tools (e.g., Tenable, Rapid7, Microsoft Defender for Endpoint).
Experience integrating vulnerability management tools with SIEM, ITSM, and patching solutions.
Strong understanding of operating systems (Windows, Linux), networking, and cloud environments (AWS, Azure, GCP).
Knowledge of CVSS scoring, risk-based prioritization, and remediation best practices.
Preferred Qualifications
Experience with scripting (Python, PowerShell) for automation.
Exposure to container security and cloud-native vulnerability scanning.
Relevant certifications (e.g., Qualys Certified Specialist, Wiz Certified Professional, CISSP, CEH, Security+).
Soft Skills
Strong collaboration and stakeholder management skills.
Ability to work in a fast-paced environment and manage multiple priorities.
About Company:
'Grant Thornton INDUS' comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd. Grant Thornton INDUS is the shared services center supporting the operations of Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd. Established in 2012, Grant Thornton INDUS employs professionals across a wide range of disciplines including Tax, Audit, Advisory, and other operational functions. What sets us apart isn't just what we do - it's how we do it. We support and enable the firm's purpose of making business more personal and building trust into every result. We're collaborators - obsessed with quality and ready for anything - who understand the value of strong relationships. Our professionals are well integrated to seamlessly support the U.S. engagement teams, help increase Grant Thornton's access to a wide talent pool, and improve operational efficiencies. Empowered people, bold leadership, and distinctive client service are imbibed in the culture at Grant Thornton INDUS. We are a transparent, competitive, and excellence-driven firm that offers an opportunity to be part of something significant. In addition, professionals at Grant Thornton INDUS serve communities in India through inspirational and generous services to give back to the communities they work in. Grant Thornton INDUS has its offices in two locations in India - Bengaluru and Kolkata

Skills Required