Compliance Research Analyst Requisition ID 5194

Job Description

DescriptionAs a Compliance Research Analyst, you will be working in Compliance, Information Security, and Cyber/IT security domain developing compliance solutions for the Policy Compliance line of products. This opening provides you an opportunity to create a significant impact on the Compliance offering from Qualys. Description:
• Create detailed analysis and technical specifications to create Qualys Controls for various technologies such as operating systems, databases, applications, network devices, web servers, hypervisors, and others.
• Create content for Qualys Controls, such as the control statement, rationale, and remediation script/fix, and assigning control category, criticality ratings, and document mappings based on the NIST SP 800-53 r4 standard and others.
• Create out-of-box technical standards/policies in Qualys Policy Compliance for the above technologies and configure them on the basis of in-house expertise, industry best practice, or consensus guidelines from CIS, DISA STIG, Microsoft SCT, etc.
• Create out-of-box regulatory compliance policies for HIPAA, IT for SOX, PCI-DSS, NIST, etc.
• Create technical standards/policies for customer-specific requirements.
• Verify policies, controls, and control configurations for the above security standards/policies from auditors and customers point-of-view on various configuration scenarios to validate their suitability, applicability, and relevance.
• Map Qualys controls to various requirements from industry regulations, such as ISO 27001/2, HIPAA, PCI-DSS, SOX, GLBA, NIST, etc.
• Research and analysis to provide compliance solutions for new and emerging technologies.
• Research and analysis for CRM and provide solutions to address shortcomings and gaps for customer requirements.
• Work closely with the development, QA, management, and infrastructure teams/peers to provide high-quality deliverables with quick turnarounds.
What are we looking for in terms of hard skills:
• Strong knowledge, understanding, and hands-on experience of the operating system, application, Network & Security devices, and database hardening, configurations, and security settings.
• Strong knowledge and understanding of configuration and hardening guidelines, common industry/prescriptive standards such as CIS, DISA STIG, and Microsoft Security Compliance Toolkit (SCT).
• Good knowledge of cybersecurity and information security standards/frameworks such as NIST, ISO 27001/27002, and CIS Controls.
• Knowledge of regulatory and mandatory requirements such as HIPAA, PCI-DSS, and GDPR.
• Excellent research, reasoning, analytical, and troubleshooting skills.
• Scripting skills will be an added advantage, e.g. UNIX/Linux shell scripting, Perl, Python, etc.
• Hands-on experience in regular expressions.
• Strong knowledge and understanding of Azure AD, and SaaS Applications like O365, Zoom, Salesforce, DropBox, etc.
• Good knowledge of Application Programming Interface (API) and Postman, JMeter, etc applications for testing API
• Good knowledge of PowerShell
• Aptitude for new/emerging technologies.
• Ability/aptitude to learn new technologies, quickly adapt and apply them to changes in product and requirements.
What are we looking for in terms of soft skills:
• Take ownership for the successful delivery of the products, components, modules, and features assigned.
• Demonstrate high-quality focus and demonstrable scenarios of test-driven development.
• Excellent written and verbal communication.
• Self-motivated, team player, and detail-oriented with a can do positive and constructive attitude yet modest and humble attitude when it comes to collaborating within the team and across other teams.
• Self-driven; requires minimal supervision to work.
• Uncompromising attitude when it comes to quality and helps raise the bar of product, team members, and hence overall engineering organization.
• Ability to interact effectively at all levels of an organization, across diverse cultural and linguistic barriers, and as part of a geographically distributed team.
• Availability outside working hours for critical and high-priority events.
EEO Employer/Vet/Disabled,

Keyskills :
researchmarketingfinancial statementscustomer relationsbasispci dssweb serversshell scriptingnetwork devicessecurity devices