Vulnerability Management (Qualys) Engineer

Krakow, Poland

Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.


Currently we are looking for a Vulnerability Management (Qualys) Engineer for our Krakow office to make the team even stronger.

The position requires experience implementing and maintaining Vulnerability Management systems.


  • Operate Qualys Platform;
  • Conduct vulnerability scans (network, operating system, database, and application) and/or ensure automated scans are taking place according to schedule and without errors;
  • Identify false positives and risk acceptance candidates;
  • Clearly understand and communicate risks associated with vulnerabilities;
  • Facilitate vulnerability remediation strategies;
  • Generate vulnerability reports to communicate to owners for patching;
  • Identify unauthorized devices for further investigation and escalate appropriately;
  • Review, refine, and document asset tagging;
  • Develop and generate corresponding vulnerability and asset metrics based on industry best practice;
  • Automate and schedule reporting processes and integrate metrics with reporting tools;
  • Understand common network and application attack types;
  • Exhibit knowledge of security compliance and auditing frameworks and apply those to formulate policies, procedures and standards;
  • Conduct security reviews, risk analysis, and controls reviews in adherence to security policy.


  • English level B1/B2;
  • Experience in security engineering for at least 2-3 years;
  • Proficiency in understanding the technical architecture of IT systems built using Windows, UNIX, Linux and DB platforms;
  • Vulnerability scanning and management tools – Qualys, Nessus, Rapid7, McAfee or similar;
  • Experience configuring and using any of the technical assessment tools such as Nessus, HP WebInspect, AppDetective, Burp Suite, Wireshark, QualysGuard, RedSeal or similar.

Nice to have

  • Security configuration checklists such as DISA STIGs and CIS Benchmarks;
  • Experience with common vulnerability identification and validation tools (Nmap, OpenVAS, Metasploit, etc.);
  • Experience with RESTful APIs for automation is preferable;
  • Experience with creating Regular Expressions;
  • Knowledge of one or more programming/script languages for systems or process automation.

We offer

  • Possibility to be involved in an international project (Canada, China, Hong Kong, Mexico, USA, Switzerland, Germany, Sweden, United Kingdom, Russia, Belarus, Ukraine, Hungary, etc.);
  • Language classes (English and Polish);
  • Vast opportunities for self-development: online courses and library, experience exchange with colleagues around the world, partial grant of certification;
  • Career development center;
  • Possibility to take part in both corporate and startup environments;
  • Possibility to relocate for short and long-term projects;
  • Relocation package for those who relocate to Krakow, Wroclaw, Katowice or Gdansk from other locations;
  • Benefit package (health care, multisport, lunch tickets, petrol vouchers and shopping vouchers, etc.);
  • Fruits on a weekly basis;
  • Sponsored sport activities, E-sport program;
  • We kindly ask you to include the following clause in your application: "I consent to the processing of the personal data contained in this document for the purposes of the recruitment process, in accordance with the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000) and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)";
  • Please note that only selected candidates will be contacted.