Qualys & Defender Specialist

Cloud Security Evaluation Consultant
(Qualys & Microsoft Defender)
2-3 Month Contract | Fully Remote | Outside IR35

Overview

We're seeking a hands-on Cloud Security Evaluation Consultant to perform a health-check and fit-gap analysis of two key platforms-Qualys Vulnerability Management and Microsoft Defender for Endpoint/Vulnerability Management. You'll research, test, and assess both tools' capabilities, configuration management processes, cost profiles, and operational overhead, then deliver clear recommendations and a phased roadmap.

Contract Details

• Duration: 2-3 months

• Location: Fully Remote

• IR35 Status: Outside IR35

• Start Date: ASAP

Key Responsibilities

1. Discovery & Scoping

   • Run workshops to capture existing tooling, processes, asset inventories, compliance needs, and SLAs.

2. Hands-On Testing / POC

   • Deploy small pilots of Qualys and Defender VM modules.

   • Validate scan coverage, authenticated vs. agent-based workflows, reporting, and dashboard usability.

3. Configuration Management Review

   • Audit and optimize Qualys scan templates, asset groups, and policy configuration pipelines.

   • Review Defender policy-as-code (Azure Policy, Intune, ATP settings), automation scripts, and vulnerability-management rules.

4. Fit-Gap & Cost Analysis

   • Produce a side-by-side matrix scoring each platform against key use-cases (compliance reporting, real-time alerting, integration).

   • Model licensing and operational costs (1-year and 3-year TCO scenarios).

5. Deliver Final Report & Roadmap

   • Executive summary with recommendations (adopt, co-deploy, or replace).

   • Phased implementation plan with risks, mitigations, and quick-win actions.

Essential Skills & Experience

• Qualys Vulnerability Management

  • Deep expertise configuring scan templates, authenticated scans, asset tagging, compliance modules, and report customization.

• Microsoft Defender for Endpoint / VM

  • Strong experience managing Defender policies (policy-as-code, Automated Investigation & Remediation, live vulnerability feeds).

• Configuration Management

  • Proven ability to build and maintain configuration pipelines (e.g., PowerShell, ARM/JSON templates, API-driven orchestration).

• Technical Analysis & Reporting

  • Hands-on POC execution, gap-analysis, cost/TCO modeling, and clear executive-level reporting.

• Facilitation & Communication

  • Skilled at running technical workshops and translating findings for both technical and business stakeholders.

Please apply with your up to date CV if you are interested or email it to me at