Compliance Research Analyst

Engineering Requisition ID 3742 Pune, India


Job profile:

  • Create detailed analysis and technical specifications to create Qualys Controls for various technologies such as operating systems, databases, applications, network devices, web servers, hypervisors, and others.
  • Create content for Qualys Controls, such as the control statement, rationale, and remediation script/fix, and assign control category, criticality ratings and document mappings based on the NIST SP 800-53 r4 standard and others.
  • Create out-of-box technical standards/policies in Qualys Policy Compliance for the above technologies and configure them on the basis of in-house expertise, industry best practice, or consensus guidelines from CIS, DISA STIG, Microsoft SCT, etc.
  • Create out-of-box regulatory compliance policies for HIPAA, IT for SOX, PCI-DSS, NIST, etc.
  • Create technical standards/policies for customer-specific requirements.
  • Verify policies, controls and control configurations for the above security standards/policies from the auditors' and customers' point of view on various configuration scenarios to validate their suitability, applicability, and relevance.
  • Map Qualys controls to various requirements from industry regulations, such as ISO 27001/2, HIPAA, PCI-DSS, SOX, GLBA, NIST, etc.
  • Research and analysis to provide compliance solutions for new and emerging technologies.
  • Research and analysis for CRM and provide solutions to address shortcomings and gaps for customer requirements.
  • Work closely with the development, QA, management and infrastructure teams/peers to provide high-quality deliverables with quick turnarounds.

What are we looking for in terms of hard skills:
  • Strong knowledge, understanding, and hands-on experience of the operating system, application, and database hardening, configurations and security settings.
  • Strong knowledge and understanding of configuration and hardening guidelines, common industry/prescriptive standards such as CIS, DISA STIG, and Microsoft Security Compliance Toolkit (SCT).
  • Good knowledge of cybersecurity and information security standards/frameworks such as NIST, ISO 27001/27002 and CIS Controls.
  • Knowledge of regulatory and mandatory requirements such as HIPAA, PCI-DSS, and GDPR.
  • Excellent research, reasoning, analytical and troubleshooting skills.
  • Scripting skills will be an added advantage, e.g. UNIX/Linux shell scripting, Perl, Python, etc.
  • Hands-on experience in regular expressions.
  • Aptitude for new/emerging technologies.
  • Ability/aptitude to learn new technologies, quickly adapt and apply them to changes in product and requirements.

What are we looking for in terms of soft skills:
  • Take ownership for the successful delivery of the products, components, modules, and features assigned.
  • Demonstrate high-quality focus and demonstrable scenarios of test-driven development.
  • Excellent written and verbal communications.
  • Self-motivated, detail-oriented team player with a positive and constructive 'can do' attitude, yet modest and humble when it comes to collaborating within the team and across other teams.
  • Self-driven; requires minimal supervision to work.
  • Uncompromising attitude when it comes to quality; helps raise the bar of the product, team members and hence the overall engineering organization.
  • Ability to interact effectively at all levels of an organization, across diverse cultural and linguistic barriers, and as part of a geographically distributed team.
  • Availability outside working hours for critical and high priority events.

EEO Employer/Vet/Disabled