Security Configuration Compliance Analyst

Role Summary

The role is accountable for developing, maintaining, and implementing IT infrastructure hardening documents, custom scripts, and Tripwire configuration templates to ensure secure and compliant configurations across the bank’s IT environment.

Roles & Responsibilities

a. Configuration Hardening Documents

• Develop and maintain standardized hardening documents for OS, DB, middleware, and infrastructure apps.

• Align documents with CIS, STIG, and vendor-specific controls.

• Ensure accuracy with organizational security policies and include automation tools like Tripwire.

• Apply version control and change management.

• Collaborate with policy owners for customizations.

b. Systems Configuration Compliance Automation

• Work with IT operations to deploy and maintain Tripwire.

• Guide teams in using and interpreting Tripwire templates.

• Develop custom scripts (Python, PowerShell, Bash) when default templates aren’t adequate.

• Automate deployment and troubleshooting of templates and scripts.

• Convert policy requirements into Tripwire configuration rules.

c. Configuration Compliance Monitoring and Reporting

• Use Tripwire/scripts to monitor system compliance.

• Analyze and report deviations from baselines.

• Communicate findings and remediation plans to stakeholders.

• Prepare regular/ad-hoc compliance reports.

d. Continuous Improvement

• Stay updated on security trends and Tripwire enhancements.

• Recommend process improvements.

• Contribute to policy and procedure refinement.

e. Technical Expertise

• Participate in technical reviews and propose hardening controls.

• Collaborate on evaluating security controls in projects.

• Recommend improvements aligned with bank standards.

• Manage and execute system hardening reviews.

3. Skills Required

• Strong understanding of OS, application infrastructure, databases, and network security.

• Proficiency in Windows, Linux, and Unix.

• Security hardening knowledge (CIS, STIG).

• Scripting (Bash, PowerShell, Python), regex skills.

• Knowledge of security frameworks: ISO 27001, NIST CSF, SOC 2, PCI DSS, HIPAA.

• Analytical and problem-solving abilities.

• Communication and documentation skills.

• Audit coordination and MIS preparation.

• Understanding of document/evidence lifecycle.

4. Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or related field.

5. Experience Required

• 5–7 years of experience in system administration and enterprise infrastructure hardening.

6. Preferred Qualifications & Experience

Security Certifications:

o CompTIA Security+

o CISSP

o CISA

o SSCP

o CIS Benchmarks/Tripwire certs

• System Admin Certifications:

o RHCSA

o Microsoft Certified: Windows Server Hybrid Administrator Associate

• Other Preferred Experience:

o Scripting with Python/PowerShell

o Regex proficiency

o API integrations for automation

o Experience in regulated industries

o Familiarity with other security tools