Redian Software - L2 Security Analyst - VAPT

Job Summary :

We are looking for an experienced L2 Security Analyst with hands-on expertise in Vulnerability Assessment and Penetration Testing (VAPT), configuration reviews, and security scanning using Qualys.

The ideal candidate should have a solid understanding of security testing methodologies and the ability to identify, analyze, and report vulnerabilities across IT infrastructure and applications.

Key Responsibilities :

• Conduct regular vulnerability assessments using Qualys VMDR and other tools across endpoints, servers, networks, and cloud infrastructure.
• Perform manual verification and analysis of vulnerability scan results, filter false positives, and prioritize vulnerabilities based on risk.
• Carry out configuration reviews of operating systems, databases, network devices, and cloud platforms against security benchmarks (e.g., CIS, NIST).
• Support or lead penetration testing exercises (internal / external infrastructure) under the guidance of senior team members or independently.
• Coordinate with asset owners, application teams, and infrastructure teams for remediation planning and closure of vulnerabilities.
• Maintain documentation of scan results, risk ratings, technical impact, and mitigation steps.
• Assist in compliance-driven vulnerability assessments (PCI-DSS, ISO 27001, etc.).
• Monitor and manage scan schedules, asset inventory, and scan health in Qualys.
• Generate regular VAPT and configuration review reports for Skills & Qualifications :
• Bachelor's degree in Computer Science, Information Security, or related field.
• 25 years of hands-on experience in vulnerability scanning using Qualys & crowdstrike.
• Knowledge of penetration testing tools and techniques (Burp Suite, Nmap, Metasploit, etc.).
• Good understanding of OS (Windows / Linux), networking concepts, firewalls, and web technologies.
• Experience with security benchmarks and configuration standards (CIS, NIST).
• Familiarity with scripting (Python, Bash, PowerShell) for automation is a plus.
• Understanding of CVSS scoring, vulnerability lifecycle, and remediation best practices.
• Relevant certifications (e.g., CEH, CompTIA Security+, Qualys certifications) are preferred.

(ref : hirist.tech)