Job Description
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
We are looking for a motivated and meticulous Compliance Research Analyst to become a valuable part of our team. The ideal candidate will have strong technical expertise in operating systems, networking, applications, and databases, coupled with an in-depth understanding of security concepts and frameworks. This role requires extensive research, analysis, and scripting capabilities to develop and maintain compliance policies, technical standards, and remediation scripts.
Key Responsibilities
Technical Research & Policy Creation
- Conduct detailed analysis and prepare technical specifications for developing compliance controls across multiple platforms, including Windows, Linux, macOS, network devices, databases, and applications.
- Develop out-of-the-box technical standards and regulatory compliance policies based on frameworks such as CIS, DISA STIG, NIST, PCI-DSS, ISO, HIPAA, and others.
- Map out-of-the-box controls to industry frameworks (e.g., MITRE, NIST) and add control categories, criticality ratings, and remediation steps.
Emerging Technology Research
- Investigate and evaluate technical aspects of emerging technologies, including architecture, installation, and hardening guidelines.
- Identify security vulnerabilities and design controls to mitigate potential threats.
Content Development & Maintenance
- Design and maintain scripts to automate compliance controls using scripting languages such as PowerShell, Python, and shell scripting.
- Create robust remediation scripts to address gaps in compliance while ensuring alignment with industry standards.
- Continuously enhance content to align with updates in benchmarks, policies, and customer requirements.
Collaboration & Delivery
- Work collaboratively with cross-functional teams (Development, QA, and Infrastructure) to deliver high-quality results on time.
- Support customers by addressing gaps in compliance standards and providing tailored solutions.
Required Technical Skills
- Strong knowledge of Windows, Linux, macOS, networking, applications, and database systems.
- Advanced proficiency in regular expressions (Regex).
- Understanding of industry hardening standards (e.g., CIS, DISA STIG, Microsoft SCT).
- Knowledge of security frameworks and regulations: NIST, ISO 27001/27002, GDPR, PCI-DSS, etc.
- Basic to advanced scripting skills (e.g., PowerShell, Python, Shell scripting).
- Experience with APIs and related tools (Postman, JMeter) is a plus.
- Familiarity with SaaS applications (e.g., O365, Zoom, Salesforce) and cloud platforms (e.g., Azure AD).
Required Soft Skills
- Strong problem-solving, analytical, and research skills.
- Excellent written and verbal communication abilities.
- Team player with a flexible and adaptable mindset.
- Positive attitude with a commitment to quality and continuous improvement.
- Ability to manage tasks independently and collaborate effectively in a distributed team environment.
Preferred Qualities
- Self-driven and detail-oriented.
- Open to taking on diverse tasks and responsibilities.
- Capable of adapting quickly to evolving product specifications and requirements.
Work Environment
This position offers a dynamic and collaborative work environment that values innovation, continuous learning, and a commitment to excellence.