Compliance Research Analyst
Explicitly requires vibe coding skills — mentions AI assistants (GitHub Copilot, ChatGPT, Claude, Cursor) and LLM APIs for automating research and scripting.
About the Role
The Compliance Research Analyst will research, document, and automate compliance controls and Linux hardening across enterprise environments to support development and maintenance of compliance policies and technical standards (CIS/DISA/NIST/etc.). The role focuses on scripting and automation (Bash, Python, PowerShell), applying security frameworks, and exploring AI/LLM-assisted tooling to accelerate compliance workflows.
Job Description
Role
We are hiring a Compliance Research Analyst (2–3 years experience) to perform technical research, document compliance controls, and develop automation to support compliance policies and target configurations aligned with industry frameworks (CIS, DISA STIG, NIST, PCI-DSS, ISO, HIPAA).
Key Responsibilities
- Analyze and document compliance controls across Windows, Linux, macOS, and network devices.
- Support development of technical standards and compliance policies based on CIS, DISA STIG, NIST, PCI-DSS, ISO, HIPAA, and related frameworks.
- Map controls to frameworks (e.g., MITRE, NIST) and document categories, criticality, and remediation steps.
- Implement and validate Linux security hardening across RHEL, CentOS, Rocky, Alma, Ubuntu, and Debian distributions.
- Configure and manage disk partitioning, filesystems, mount options, LVM, SELinux, kernel parameters (sysctl), auditd and audit rules, SSH/PAM/sudo policies, cron/at access, and systemd services.
- Write and maintain Bash/shell scripts, Python, and PowerShell automation for compliance checks, remediation, and reporting.
- Explore and apply LLM APIs (OpenAI, Anthropic Claude) and AI-assisted tooling (GitHub Copilot, ChatGPT, Claude, Cursor) to assist research, content generation, and automation; learn prompt engineering techniques.
- Collaborate with Development, QA, and Infrastructure teams and support customers in addressing compliance gaps with practical documentation and solutions.
Required Technical Skills
- 2+ years hands-on Linux experience across at least one RHEL-based distribution and one Debian-based distribution.
- Hands-on knowledge of disk partitioning, filesystems, mount management, and LVM layouts.
- Experience with SELinux (enforcing mode), kernel tuning (sysctl), Linux auditing (auditd, ausearch, aureport), and exposure to CIS/DISA STIG hardening guidelines.
- Proficiency writing and troubleshooting Bash/shell scripts; Python scripting (basic to intermediate) preferred for automation; PowerShell for Windows or cross-platform tasks.
- Familiarity or interest in LLM APIs and AI-assisted development tools; experience using tools like GitHub Copilot, ChatGPT, Claude, Cursor is desirable.
- Foundational knowledge of Windows, macOS, networking, databases, regular expressions, and awareness of security frameworks (NIST, ISO, PCI-DSS, GDPR) and MITRE ATT&CK.
Soft Skills & Attributes
- Strong written and verbal communication skills; organized and attentive to detail.
- Eager to learn, self-motivated, collaborative in a distributed team environment, able to manage tasks with minimal supervision.
- Adaptable to changing requirements and interested in AI/ML trends applied to security and automation.
Preferred Qualifications
- Exposure to Postman and APIs is a plus.
- Familiarity with security control mapping, documentation of implementation approaches, exceptions, and remediation procedures.