Lead Security Compliance Analyst
What if security was an opportunity and not an obstacle? What if it wasn't a clunky afterthought, or a cumbersome requirement preventing you from doing the things you really want to do? What if you could securely advance your business with clarity and confidence? We like the sound of that, too! At Rapid7, we believe in simplifying the complex through shared visibility, analytics, and automation that unite teams around challenges and successes of cybersecurity. Our products and services empower over 9,100 customers across over 120 countries to seamlessly build security into the heart of their organizations.
Partnering with our customers to build lasting trust is essential to our joint success. That's why we're looking for a Lead Security Compliance Engineer to join our Trust & Security Governance team, focusing on our policy and compliance related programs. This role will partner closely with our Platform Delivery (DevOps), Software Engineering, and IT teams to deliver on the program goals.
Responsibilities
Educate partner teams on compliance programs, workflows, and processes including upcoming changes
Perform risk assessment and control gap analysis against policies and standards such as ISO, SOC 2, PCI, FedRAMP, and NIST
Create, organize, and articulate summarized risk findings that are clear and actionable by partner teams
Work closely with partner teams to deliver policy and compliance requirements in ways that are cost effective, align with business objectives, and comply with security standards
Design, develop, and implement automation for continuous control monitoring, administrative tasks, and metric reporting for all security compliance programs
Monitor environments to verify the effectiveness of security controls and identify areas for improvement
Maintain knowledge of Rapid7’s products, environment, systems, and architecture
Maintain knowledge of industry trends and security landscape to drive roadmap and continuous program evolution
Create and maintain solutions to automate the discovery and remediation of noncompliant resources
Support internal and external auditors or advisors as needed
Qualifications
Experience implementing compliance-as-code approaches and tools, such as Chef InSpec, Terraform Sentinel, CFN Guard, or Open Policy Agent (OPA)
Experience creating post-deployment security checks with tools such as AWS Config and the Config Rule Development Kit (RDK), DivvyCloud, Azure Policy, or GCP Cloud Asset Inventory
You are passionate about security chaos engineering
Experience with DevOps tools such as Salt, Puppet, Chef, or Ansible
Demonstrated experience with security audit, security control assessments, risk assessment and compliance
Experience with serverless technologies such as Lambda, Docker, and Kubernetes
Demonstrated experience with security standards/frameworks such as ISO, SOC 2, PCI, FedRAMP, NIST, etc.
Experience managing the implementation or enhancement of security controls across diverse business units
Effective negotiating, critical-thinking, and problem-solving skills, including the ability to develop innovative risk mitigation solutions that address core issues with limited supervision
Hands-on experience with scripting and coding to automate systems and security administration tasks in Python, Go, JavaScript, or Rust
Additional Qualifications
One or more of the following: AWS Certified Solutions Architect Professional, AWS Certified DevOps Professional, GCP Professional Cloud Security Engineer, GCP Cloud DevOps Engineer Professional, Azure Security Engineer, Azure Solutions Architect, Azure DevOps Engineer, HashiCorp Security Automation Certified