CBTS is seeking a highly skilled Qualys and Prisma Security Analyst to support our vulnerability and risk management program. This role involves designing dashboards, analyzing vulnerability risk trends, managing KPI/SLA breaches, and partnering closely with business stakeholders.
Responsibilities:
- Vulnerability & Risk Management
- Perform ongoing vulnerability analysis using Qualys Vulnerability Management (VMDR) or related Qualys modules
- Evaluate, prioritize, and categorize vulnerabilities based on organizational risk criteria
- Track remediation progress and escalate issues in alignment with risk management best practices
- Build custom dashboards, reports, and visualizations using Brinqa, Power BI, or similar analytics platforms
- Develop automated or scheduled reporting to support leadership, risk committees, and technical teams
- Translate complex vulnerability data into meaningful insights for both technical and non-technical audiences
- Monitor vulnerability remediation KPIs/SLA targets across multiple business units
- Identify KPI breaches and drive escalation workflows with technical teams, risk owners, and leadership
- Provide detailed KPI/SLA breach analyses and recommend corrective actions
- Collaborate with IT, Engineering, and Business leaders to ensure timely risk remediation
- Facilitate vulnerability review meetings and communicate risk impacts effectively
- Partner with teams and leadership aligned to Eastern Time Zone schedules
- Recommend enhancements to vulnerability management processes, tooling, and reporting
- Contribute to the development of risk scoring methodologies and data quality improvements
- Support audit and compliance requirements related to vulnerability and risk management
Requirements:
- 3+ years of experience in vulnerability management, risk analysis, or cybersecurity operations
- Strong hands-on experience with Qualys (VMDR or equivalent modules)
- Proficiency in building dashboards and reports using Brinqa, Power BI, or similar tools
- Solid understanding of risk frameworks and KPI/SLA governance
- Experience escalating issues and communicating risk within structured risk management processes
- Ability to work and collaborate with teams operating on Eastern Time Zone schedules
- Strong analytical and communication skills with the ability to simplify complex data
- Experience with additional GRC/Risk platforms (ServiceNow, Archer, Brinqa integrations, etc.)
- Familiarity with CVSS, threat intelligence, or vulnerability prioritization tooling (e.g., threat-based scoring)
- Certifications such as Security+, CySA+, CEH, or comparable