Compliance Research Analyst
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
We are looking for a motivated and detail-oriented Compliance Research Analyst with 2–3 years of experience to join our organization. The ideal candidate has foundational to intermediate hands-on knowledge of Linux systems, scripting, and security frameworks, along with a growing interest in automation and AI-powered tooling. This role involves research, analysis, and scripting to support the development and maintenance of compliance policies, technical standards, and target configuration as per CIS/DISA benchmarks. We value curiosity, a willingness to learn, and a strong work ethic over perfection.
Key Responsibilities
Technical Research & Policy Support
- Assist in analyzing and documenting compliance controls across platforms including Windows, Linux, macOS, and network devices.
- Support the development of technical standards and compliance policies based on frameworks such as CIS, DISA STIG, NIST, PCI-DSS, ISO, and HIPAA.
- Help map controls to industry frameworks (e.g., MITRE, NIST) and document control categories, criticality ratings, and remediation steps.
Linux Systems & Hardening
- Analyze, interpret, and implement Linux security hardening and compliance configuration requirements across enterprise server environments.
- Work with Linux systems across enterprise distributions including RHEL, Ubuntu, CentOS, and Debian.
- Configure and manage disk partitioning, filesystems, mount options, and LVM layouts for secure system deployments.
- Configure and maintain SELinux in enforcing mode, including policy configuration, contexts, and validation of confined services.
- Harden Linux systems by configuring kernel parameters, disabling unnecessary kernel modules, and applying secure sysctl settings.
- Configure and manage auditd services, audit rules, log retention policies, and audit log analysis to support security monitoring, traceability, and compliance reporting.
- Implement secure authentication and access control mechanisms including SSH hardening, PAM configuration, sudo policies, password controls, account restrictions, and cron/at access management.
- Work with critical Linux configuration files including /etc/passwd, /etc/shadow, sudoers, SSH configuration, PAM modules, fstab, systemd services, and audit configurations.
- Write and maintain Bash/shell scripts to automate compliance checks, remediation activities, configuration validation, and reporting tasks.
- Research security hardening updates, understand control intent and rationale, and document implementation approaches, exceptions, and remediation procedures for Linux systems.
Automation & AI-Assisted Tooling
- Write and maintain automation scripts using Python, Shell scripting, and PowerShell to support compliance workflows.
- Explore and apply LLM APIs (e.g., OpenAI, Anthropic Claude) to assist with research, content generation, and task automation.
- Support the development of AI-assisted tools and basic agent workflows under guidance from senior team members.
- Learn and apply prompt engineering techniques to interact effectively with AI models for compliance use cases.
- Contribute to automation libraries and reusable script templates for compliance checks and remediation.
Content Development & Collaboration
- Develop and maintain compliance scripts using PowerShell, Python, and shell scripting.
- Update and improve existing content as benchmarks, policies, and customer requirements evolve.
- Work with cross-functional teams (Development, QA, Infrastructure) to deliver quality output on time.
- Support customers by helping identify and address compliance gaps with practical, well-documented solutions.
Required Technical Skills
Linux
- 2+ years of hands-on experience including:
  - At least one RHEL-based distribution (RHEL / CentOS / Rocky / Alma)
  - At least one Debian-based distribution (Ubuntu / Debian)
- Working knowledge of disk partitioning, filesystems, and mount management
- Basic to intermediate understanding of SELinux modes and contexts (good to have)
- Familiarity with kernel parameter tuning via sysctl
- Experience with Linux auditing (auditd, audit rules, ausearch, aureport)
- Exposure to Linux system hardening guidelines (CIS Benchmarks or DISA STIG)
- Ability to read, write, and troubleshoot Bash/shell scripts
- Comfort working with system files: /etc/passwd, sudoers, SSH config, PAM, cron, syslog
Automation & Scripting (Required)
- Python scripting (preferred for automation)
  - Basic to intermediate proficiency
  - Ability to independently write functional automation scripts
  - Used in place of shell where more effective
- PowerShell scripting for Windows-based or cross-platform tasks
- Experience using AI-assisted development (“vibe coding”) tools such as GitHub Copilot, ChatGPT, Claude, Cursor, or similar tools to accelerate scripting, troubleshooting, research, and automation workflows
- Familiarity with or curiosity about LLM APIs (OpenAI, Anthropic Claude, or similar) and prompt-driven automation workflows
General Technical Skills
- Foundational knowledge of Windows, Linux, macOS, networking, and database systems
- Basic to intermediate proficiency in regular expressions (Regex)
- Awareness of industry hardening standards (CIS, DISA STIG, Microsoft SCT)
- Familiarity with security frameworks: NIST, ISO 27001/27002, PCI-DSS, GDPR, etc.
- Basic understanding of the MITRE ATT&CK framework
- Exposure to APIs and tools like Postman is a plus
Required Soft Skills
- Strong written and verbal communication skills
- Eager to learn, grow, and take on new challenges
- Team player who can collaborate in a distributed team environment
- Organized and attentive to detail with a commitment to quality
- Ability to manage assigned tasks independently with minimal supervision
Preferred Qualities
- Self-motivated with a genuine interest in security and compliance
- Comfortable asking questions and learning from feedback
- Adaptable to changing requirements and priorities
- Interest in AI/ML trends and how they apply to security and automation