Added 1 week ago
Senior Compliance & Research Analyst
at Qualys
Pune, India
On-site
Responsibilities
- Own the full automation initiative for compliance workflows including scanning, checking, remediation, reporting, and content generation.
- Architect, build, and maintain a reusable automation library of production-grade scripts and tools in Python, Bash, and PowerShell.
- Independently deliver end-to-end automation solutions from
- Identify manual and repetitive compliance tasks across the team and proactively build automation solutions to eliminate them.
- Maintain version control discipline using Repo, enforce branching and review workflows, and integrate automation output into CI/CD pipelines where applicable.
- Build AI-assisted pipelines for automated benchmark research, control documentation generation, benchmark version diff analysis, and remediation script drafting.
- Integrate LLM APIs into internal tools to power intelligent compliance search, automated policy Q&A, control gap summarization, and research acceleration.
- Establish quality and safety standards for AI-generated compliance content, including output validation, human review checkpoints, and accuracy benchmarking.
- Develop and maintain technical standards, compliance policies, benchmark mappings, and hardening guidance across Windows, Linux, macOS, and cloud platforms.
- Design and implement Linux hardening baselines for RHEL, Ubuntu, CentOS/Rocky/Alma, and Debian systems including secure configuration of SSH, PAM, auditd, SELinux, sysctl, logging, disk layouts, and filesystem mount options aligned to CIS and DISA STIG requirements.
- Produce and maintain high-quality compliance deliverables including automation scripts, remediation guides, benchmark mappings, technical documentation, and customer-facing compliance content with proper version traceability.
- Collaborate with Development, QA, and Infrastructure teams to integrate compliance automation and validation into deployment workflows and product pipelines.
- Manage advanced Linux security configurations including LVM, LUKS encryption, SELinux policy management, filesystem mount options, kernel hardening through sysctl parameters, and firewall configuration.
- Build and maintain secure auditing and authentication controls including auditd rule sets, PAM configurations, and compliance-focused logging and monitoring practices.