Senior Compliance Research Analyst

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

We are looking for a detail-oriented and technically skilled Senior Compliance Research Analyst to join our growing team. In this role, you will be responsible for designing and developing security configuration controls and compliance policies across a range of technologies. You will conduct deep technical research, create high-quality security content, and contribute to the development of standards aligned with industry frameworks such as CIS, DISA STIG, NIST, MITRE, and others.

Key Responsibilities:

Technical Research & Control Development:

• Conduct Gap Analysis for CIS Benchmarks, DISA STIGs, and other standards across OS, applications, databases, and network technologies.
• Develop Qualys Policy Audit Controls, including control statements, rationales, remediation steps, severity levels, and framework mappings (e.g., NIST 800-53, MITRE ATT&CK).
• Translate secure configuration guidance from OEMs and industry best practices into implementable, auditable technical standards.
• Validate secure configurations in lab environments (physical, virtual, or cloud-based) to ensure accuracy and compliance.

Policy & Framework Alignment:

• Create and maintain custom and out-of-the-box compliance policies aligned with CIS, DISA STIG, Microsoft SCT, and other standards.
• Map security configuration controls to major frameworks such as MITRE ATT&CK, NIST CSF/800-53, CIS Controls, PCI-DSS, HIPAA, GDPR, ISO 27001, and more.
• Customize policy content and frameworks for regulatory and customer-specific requirements, ensuring audit-readiness.

Cross-functional Collaboration & Delivery:

• Engage with product managers, QA teams, and infrastructure groups to drive timely and high-quality delivery of compliance solutions.
• Partner with global support and customer success teams to address customer issues and build scalable, sustainable solutions.
• Provide expert guidance on hardening techniques, emerging risks, and secure deployment practices, whether in on-premise environments or cloud-based infrastructures.

Required Technical Skills:

• Proven experience securing and hardening OS, applications, databases, and network/security devices.
• Strong understanding of CIS Benchmarks, DISA STIGs, Microsoft SCT, and other consensus-based standards.
• Deep knowledge of cybersecurity frameworks: MITRE ATT&CK, NIST 800-53, CIS Controls, ISO 27001/27002, PCI-DSS, HIPAA, GDPR.
• Hands-on skills with regular expressions, configuration validation, and policy customization.
• Basic understanding of API security and testing tools such as Postman, JMeter.

Preferred Skills:

• Experience in creating custom Qualys Controls and Policies.
• Familiarity with scripting (Bash, PowerShell, Python) for configuration automation and validation.
• Background in configuration management tools like Ansible, Chef.

Soft Skills & Attributes:

• Strong problem-solving, analytical, and research skills.
• Team player with a flexible and adaptable mindset.
• Excellent written and verbal communication and documentation skills.
• Strong ownership mindset with ability to drive work independently.
• Ability to work in cross-functional, global teams and communicate across time zones.
• Passion for delivering quality work and continuous improvement.
• Comfortable handling high-priority escalations with urgency and professionalism.

Why Join Us?

• Join a globally respected cybersecurity leader delivering real-world impact.
• Work in a collaborative and innovative environment tackling real-time security and compliance challenges.
• Play a key role in shaping enterprise-grade security policies adopted at scale.
• Enjoy a culture focused on learning, ownership, and excellence.