Senior Configuration Compliance Analyst (Information Security)
Senior Configuration Compliance Analyst (Information Security) - 100% remote (EST)
Optomi, in partnership with one of the nation's largest credit unions (Top 10), is looking to add a Senior Configuration Compliance Analyst to their team! The Senior Configuration Compliance Analyst will support the Information Security team in establishing, governing, and maturing the organization's security configuration baseline program across infrastructure, platforms, and cloud environments.
This role will act as the primary owner of configuration baseline governance, ensuring that security baselines are clearly defined, approved, implemented, and continuously monitored across enterprise systems. The analyst will partner closely with infrastructure, engineering, and development teams to ensure systems adhere to approved configuration standards aligned with CIS benchmarks and internal security policies.
The position requires a strong security lens combined with practical technical understanding to help guide implementation decisions, interpret compliance scan results, and work collaboratively with teams to remediate configuration deviations while maintaining system stability.
This role will start as a full-time (40 hours) contract on W2 that is budgeted through end of year. The client would look to extend or convert from there. Benefits (medical, dental and 401K) are offered through Optomi in the meantime.
Key Responsibilities
Configuration Baseline Governance
Own and manage the lifecycle of enterprise security configuration baselines across infrastructure, cloud, and application environments.
Define, document, and maintain configuration standards aligned with CIS benchmarks and organizational security policies.
Coordinate cross-team approvals to ensure configuration baselines are reviewed, validated, and adopted as the organization's source of truth.
Configuration Compliance Monitoring
Utilize security tooling such as Tenable and Obsidian to assess configuration compliance across enterprise systems.
Analyze configuration scan results and identify deviations from approved baselines.
Track findings and exceptions within Archer or similar governance platforms.
Remediation Coordination
Work with infrastructure, development, and operations teams to remediate configuration gaps and misconfigurations.
Provide guidance to teams when secure configurations may conflict with operational requirements.
Evaluate configuration exceptions and recommend secure alternatives when feasible.
Process Maturity and Tool Optimization
Identify opportunities to improve the efficiency and maturity of configuration compliance processes.
Recommend improvements in how security tools are leveraged to automate scanning, monitoring, and remediation.
Support implementation and integration of new tools such as Remedio and Tanium as they relate to configuration and patch compliance.
Audit and Compliance Support
Assist in preparation for internal and external audits by gathering and presenting configuration compliance evidence.
Support regulatory and internal audits (including NCUA and other assessments) by providing metrics, reports, and documentation related to configuration controls.
Partner with Information Security, IT Infrastructure, DevOps, and engineering teams to ensure alignment on configuration standards.
Act as a subject matter resource on configuration security best practices and baseline implementation.
Technical Environment - Platforms and technologies may include:
Databases: SQL
Cloud/Data Platforms: Snowflake
Security Tools: Tenable, Obsidian, Archer
Required Qualifications
6–10+ years of experience in information security, configuration management, vulnerability management, or security engineering
Strong understanding of security configuration standards such as CIS benchmarks
Experience analyzing configuration compliance results from tools such as Tenable, Qualys, or similar platforms
Ability to interpret technical scan results and translate them into actionable remediation guidance
Experience working with cross-functional technical teams including infrastructure, security, and development
Familiarity with governance and compliance processes related to configuration management
Strong analytical and communication skills
Preferred Qualifications
Experience with configuration compliance tools such as Tenable, Obsidian, or similar
Experience working with governance platforms such as Archer
Exposure to cloud platform configuration security
Familiarity with automation or remediation tools (e.g., Tanium, Remedio)
Experience supporting regulatory or internal audits
What Success Looks Like (First 6–12 Months)
Establish clear ownership and governance of the configuration baseline program
Improve consistency and visibility into configuration compliance across platforms
Reduce configuration drift through improved monitoring and remediation workflows
Strengthen alignment between security standards and operational implementation
Provide reliable configuration compliance reporting to support audit readiness