OneMain Financial Jobs

Job Information

System One Qualys System Administrator in Rockville, Maryland

Job Title: Qualys Vulnerability Management Analyst

Location: Rockville, Maryland

Type: Contract

Compensation: Negotiable

Contractor Work Model: Hybrid

Scope of Work:

  1. Qualys Platform Administration

    • Administer and maintain the Qualys Cloud Platform, including (as applicable):

      • Vulnerability Management (VMDR)

      • Asset Inventory / Global AssetView

    • Configure and manage scanners (internal, passive, and cloud-based).

    • Maintain asset tagging strategies aligned with environments (Prod/Non-Prod), system owners, data classifications, and compliance scopes.

    • Manage user roles, permissions, and access controls within Qualys.

  2. Vulnerability Management Operations

    • Execute scheduled and ad-hoc vulnerability scans across on-prem, cloud, and endpoint environments.

    • Validate scan results, reduce false positives, and ensure data accuracy.

    • Perform vulnerability triage and risk-based prioritization using CVSS, exploitability, threat intelligence, and business context.

    • Support remediation efforts by working with infrastructure, application, and cloud teams to validate fixes and re-scan assets.

  3. GRC & Compliance Integration

    • Map Qualys findings to regulatory and control frameworks (e.g., NIST SP 800-53, HIPAA Security Rule, ISO 27001).

    • Provide vulnerability and exposure data to support:

      • Risk register entries

      • Policy exception requests

      • Audit and assessment activities

    • Generate compliance and executive-level reports for security leadership and governance committees.

  4. Automation & Reporting

    • Develop and maintain custom dashboards, reports, and scorecards for operational, management, and executive audiences.

    • Leverage Qualys APIs to automate data extraction, integrations, and reporting (e.g., ServiceNow GRC, ticketing, SIEM).

    • Support continuous monitoring initiatives by improving scan coverage, frequency, and data quality.

  5. Operational Governance

    • Maintain standard operating procedures (SOPs) and technical documentation for vulnerability management processes.

    • Participate in incident response, risk review boards, and security working groups as a subject matter expert.

    • Support internal and external audits by providing evidence, scan results, and remediation validation.

Required Qualifications:

  1. Technical Skills

    • Hands-on experience administering the Qualys Cloud Platform (VMDR required).

    • Strong understanding of vulnerability management concepts, CVEs, CVSS scoring, and remediation workflows.

    • Experience managing large-scale scanning environments (enterprise networks, cloud, endpoints).

    • Working knowledge of Windows, Linux, networking, and cloud platforms (AWS/Azure).

    • Experience with asset inventory, tagging, and data normalization.

    • Scripting or automation experience (Python, PowerShell, REST APIs).

    • Experience integrating Qualys with ServiceNow (ITSM or GRC).

  2. GRC & Risk Knowledge

    • Familiarity with NIST SP 800-53, NIST RMF, HIPAA Security Rule, or equivalent frameworks.

    • Ability to translate technical vulnerabilities into business and compliance risk.

    • Experience supporting audits, assessments, or risk exception processes.

    Certifications:

    • Qualys certifications (VMDR, Policy Compliance, Asset Management)

    • Security certifications such as Security+, CEH, CISSP, or CISA


    System One, and its subsidiaries including Joulé, ALTA IT Services, and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

    System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

    Ref: #851-Rockville-S1

System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.
