Sr Security Compliance

Qualys

Discover how Qualys helps your business measure & eliminate cyber threats through a host of cybersecurity detection & remediation tools. Try it today!

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Brief Description:

As a Senior Compliance Research Analyst, your job is to develop compliance solutions for the Policy Compliance line of products while working in the compliance, information security, and cyber/IT security domains. This role allows you to have a significant impact on Qualys' Compliance services.

Description:

• Create detailed technical specifications for Qualys Controls across various technologies like operating systems, databases, applications, and more.
• Develop content for Qualys Controls including statements, rationale, remediation, and framework mappings like NIST SP 800-53 R4.
• Establish technical security standards and policies in Qualys Policy Compliance for different technologies. Customize them using in-house expertise, industry standards, or guidelines from CIS, DISA STIG, Microsoft Security Baseline, etc.
• Create regulatory compliance policies for standards like DORA, PCI-DSS, NIST, and others.
• Customize technical standards to meet customer’s specific needs.
• Develop Policies and guidelines tailored to each customer's needs. Check these Policies, controls, and configurations from the perspective of auditors and customers to make sure they're right for different situations and meet all requirements.
• Align Qualys controls with industry regulations such as ISO 27001, NIST, HIPAA, PCI-DSS, and more.
• Understand and apply the MITRE framework and its tactics, techniques, and procedures (TTPs).
• Conduct research to develop compliance solutions for new and emerging technologies.
• Investigate and analyze customer issues, then provide solutions to close any gaps or flaws and better satisfy the requirements of the customer.
• Collaborate closely with development, QA, management, and infrastructure teams to deliver high-quality solutions promptly.

Requirements:

• Solid understanding and hands-on experience with operating systems, applications, network, security devices, and database security settings and configurations.
• Proficiency in creating technical specifications and policies.
• Having a solid grasp and strong research skills to identify the essential settings needed to implement and secure technology for enhanced security.
• Familiarity with common industry standards like CIS, DISA STIG, and Microsoft Security Baseline.
• In-depth knowledge and hands-on experience with regular expressions.
• Strong understanding of compliance frameworks such as NIST, ISO 27001/27002, CIS Controls, and others.
• Bonus if you have scripting skills like UNIX/Linux shell scripting, PowerShell, or Python.
• Strong research, analytical, and problem-solving skills.
• Keen interest in learning new technologies and adapting to changes quickly.
• Excellent communication and teamwork skills.
• Demonstrated capability for productive work in a fast-paced environment.