Senior Compliance & Research Analyst

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

We are seeking an experienced, technically strong, and self-driven Senior Compliance Research Analyst to lead all automation, scripting, and AI-powered tooling efforts within our compliance engineering team. This is a hands-on technical role where you will be the primary owner of building, maintaining, and evolving the automation infrastructure that powers our compliance workflows. You will design and deliver production-grade scripts, intelligent pipelines, and LLM-integrated tools that accelerate compliance research, policy development, and remediation at scale. In addition to your automation ownership, you will bring solid compliance domain knowledge to ensure everything you build is grounded in real-world technical standards and frameworks. You are expected to operate independently, define and implement automation solutions, and contribute to improving the efficiency and scalability of the team’s workflows.

Key Responsibilities

Automation

•  Write advanced, production-ready automation scripts and tools in Python, Bash/Shell, and PowerShell with a strong emphasis on modularity, reusability, error handling, logging, testability, and maintainability.
• Own the full automation initiative for compliance workflows including scanning, checking, remediation, reporting, and content generation.
• Architect, build, and maintain a reusable automation library of production-grade scripts and tools in Python, Bash, and PowerShell.
• Independently deliver end-to-end automation solutions from requirements gathering and design through to deployment and maintenance.
• Identify manual and repetitive compliance tasks across the team and proactively build automation solutions to eliminate them.
• Maintain version control discipline using Repo, enforce branching and review workflows, and integrate automation output into CI/CD pipelines where applicable.

AI and LLM Integration

• Design, build, and maintain AI-powered compliance solutions using Large Language Models and APIs such as Anthropic Claude and OpenAI, including AI Agents and intelligent automation workflows.
• Build AI-assisted pipelines for automated benchmark research, control documentation generation, benchmark version diff analysis, and remediation script drafting.
• Integrate LLM APIs into internal tools to power intelligent compliance search, automated policy Q&A, control gap summarization, and research acceleration.
• Stay current with developments in the LLM and AI agent space and continuously identify new opportunities to apply these capabilities to compliance and security workflows.
• Establish quality and safety standards for AI-generated compliance content, including output validation, human review checkpoints, and accuracy benchmarking.

Compliance Research & Content Development Support

• Utilize strong expertise in compliance frameworks including CIS, DISA STIG, NIST 800-53/800-171, PCI-DSS, ISO 27001, HIPAA, and GDPR to ensure policies, automation outputs, and remediation guidance are accurate and framework-aligned.
• Develop and maintain technical standards, compliance policies, benchmark mappings, and hardening guidance across Windows, Linux, macOS, and cloud platforms.
• Design and implement Linux hardening baselines for RHEL, Ubuntu, CentOS/Rocky/Alma, and Debian systems including secure configuration of SSH, PAM, auditd, SELinux, sysctl, logging, disk layouts, and filesystem mount options aligned to CIS and DISA STIG requirements.
• Produce and maintain high-quality compliance deliverables including automation scripts, remediation guides, benchmark mappings, technical documentation, and customer-facing compliance content with proper version traceability.
• Collaborate with Development, QA, and Infrastructure teams to integrate compliance automation and validation into deployment workflows and product pipelines.

Linux Systems & Hardening

• Design and implement Linux hardening baselines for RHEL, Ubuntu, CentOS/Rocky/Alma, and Debian environments aligned with CIS Level 1/2 and DISA STIG requirements.
• Manage advanced Linux security configurations including LVM, LUKS encryption, SELinux policy management, filesystem mount options, kernel hardening through sysctl parameters, and firewall configuration.
• Build and maintain secure auditing and authentication controls including auditd rule sets, PAM configurations, and compliance-focused logging and monitoring practices.
• Harden critical Linux subsystems including SSH, cron, sudoers, syslog/rsyslog/journald, and related services using benchmark-aligned security best practices.

Required Technical Skills

• Advanced proficiency in Python, PowerShell, and Bash/Shell scripting with experience building modular, testable, production-grade automation tools featuring strong error handling, logging, documentation, and cross-platform compatibility.
• Hands-on experience developing AI-powered workflows using Claude and/or OpenAI APIs including prompt engineering, structured outputs, function calling, context management, and a AI agent development.
• Strong Linux administration and hardening expertise across multiple Linux environments including LVM, SELinux, sysctl tuning, PAM, auditd, SSH, firewall configuration, rsyslog, cron, sudoers, and systemd management.
• Proven experience implementing CIS Benchmark and DISA STIG hardening standards along with strong working knowledge of NIST 800-53, PCI-DSS, ISO 27001/27002, HIPAA, GDPR, and MITRE ATT&CK.
• Strong understanding of automation design patterns, secure scripting practices, troubleshooting methodologies, and scalable compliance workflow development across enterprise environments.
• Solid understanding of Windows, Linux, macOS, networking fundamentals, cloud platforms (AWS/Azure/GCP), and advanced Regex usage for configuring and validating benchmark compliance values within automation and compliance controls.

Required Soft Skills

• Strong written and verbal communication skills with the ability to present technical findings to both engineering and non-technical stakeholders.
• Demonstrated ability to independently manage and deliver complex projects end-to-end with minimal supervision.
• Proactive and solution-oriented mindset with the ability to identify gaps, inefficiencies, and improvement opportunities without requiring constant direction.
• Quick learner with a strong willingness to adapt to new technologies, compliance frameworks, automation approaches, and evolving business requirements.
• Positive attitude, strong work ethic, ownership mentality, and the ability to work effectively within collaborative and fast-paced environments.
• Highly organized with strong attention to detail, commitment to quality, and the ability to produce maintainable code and documentation.