Senior Configuration Compliance Analyst; Information Security
Listed on 2026-03-12
IT/Tech
Cybersecurity, IT Consultant
Senior Configuration Compliance Analyst (Information Security) - 100% remote (EST)
Optomi, in partnership with one of the nation's largest credit unions (Top 10), is looking to add a Senior Configuration Compliance Analyst to their team! The Senior Configuration Compliance Analyst will support the Information Security team in establishing, governing, and maturing the organization’s security configuration baseline program across infrastructure, platforms, and cloud environments.
This role will act as the primary owner of configuration baseline governance, ensuring that security baselines are clearly defined, approved, implemented, and continuously monitored across enterprise systems. The analyst will partner closely with infrastructure, engineering, and development teams to ensure systems adhere to approved configuration standards aligned with CIS benchmarks and internal security policies.
The position requires a strong security lens combined with practical technical understanding to help guide implementation decisions, interpret compliance scan results, and work collaboratively with teams to remediate configuration deviations while maintaining system stability.
This role will start as a full-time (40 hours) contract on W2 that is budgeted through end of year. The client would look to extend or convert from there. Benefits (medical, dental and 401K) are offered through Optomi in the meantime.
Key Responsibilities
Configuration Baseline Governance
- Own and manage the lifecycle of enterprise security configuration baselines across infrastructure, cloud, and application environments.
- Define, document, and maintain configuration standards aligned with CIS benchmarks and organizational security policies.
- Coordinate cross-team approvals to ensure configuration baselines are reviewed, validated, and adopted as the organization’s source of truth.
- Utilize security tooling such as Tenable and Obsidian to assess configuration compliance across enterprise systems.
- Analyze configuration scan results and identify deviations from approved baselines.
- Track findings and exceptions within Archer or similar governance platforms.
- Work with infrastructure, development, and operations teams to remediate configuration gaps and misconfigurations.
- Provide guidance to teams when secure configurations may conflict with operational requirements.
- Evaluate configuration exceptions and recommend secure alternatives when feasible.
- Identify opportunities to improve the efficiency and maturity of configuration compliance processes.
- Recommend improvements in how security tools are leveraged to automate scanning, monitoring, and remediation.
- Support implementation and integration of new tools such as Remedio and Tanium as they relate to configuration and patch compliance.
- Assist in preparation for internal and external audits by gathering and presenting configuration compliance evidence.
- Support regulatory and internal audits (including NCUA and other assessments) by providing metrics, reports, and documentation related to configuration controls.
- Partner with Information Security, IT Infrastructure, DevOps, and engineering teams to ensure alignment on configuration standards.
- Act as a subject matter resource on configuration security best practices and baseline implementation.
- Databases: SQL
- Cloud/Data Platforms: Snowflake
- Security Tools: Tenable, Obsidian, Archer
- 6–10+ years of experience in information security, configuration management, vulnerability management, or security engineering
- Strong understanding of security configuration standards such as CIS benchmarks
- Experience analyzing configuration compliance results from tools such as Tenable, Qualys, or similar platforms
- Ability to interpret technical scan results and translate them into actionable remediation guidance
- Experience working with cross-functional technical teams including infrastructure, security, and development
- Familiarity with governance and compliance processes related to…