Junior Analyst in Vulnerability Management and Compliance at Tempest, focusing on technical guidance and vulnerability assessments. Collaborating with experts and working in a tech-driven environment.
Responsibilities
Execute scans using VA tools (Tenable, Qualys, Fortra VM, or similar).
Analyze identified vulnerabilities, assess initial severity, and assist with prioritization.
Perform post-remediation validations and help investigate false positives.
Analyze configurations and compliance deviations.
Support baseline reviews (GPO, CIS, and internal benchmarks).
Propose recommendations to improve security posture, under guidance from mid/senior team members.
Monitor remediation metrics and record evidence submitted by clients.
Document analyses and deliverables in Tempest's ticketing platform.
Prepare technical reports and concise executive summaries.
Use Python (or an equivalent language) for basic automation.
Create simple scripts for data processing, spreadsheet generation, and analysis optimization.
Follow team processes and contribute to operational improvements.
Requirements
Foundations of Information Security (CIA — confidentiality, integrity, availability — and risk) and understanding of vulnerabilities (CVSS, impact, technical description).
Technical English (reading and writing; conversational fluency is a plus).
Basic knowledge of a programming language (Python, PowerShell, Go, or similar), including automation concepts, scripting, and simple pipelines (e.g., Python + Bash + Pandas).
Basic knowledge of frameworks/methodologies such as CVSS, MITRE ATT&CK, NIST CSF, or ISO 27001.
Foundations of networking and operating systems, including basic TCP/IP, ports, protocols, and basic network modeling.
Prior experience (including internships) in Vulnerability Management, SOC, GRC, Infrastructure, IT, offensive security, or technical support.
Experience or familiarity with tools such as Tenable.sc / Nessus, Qualys VMDR, Fortra VM, Rapid7, or similar.
Experience with lightweight scripting (Python, PowerShell, or Bash) for automation, including API queries and basic data manipulation.
Ability to interpret results and support analyses using these tools.
Basic use of Windows and Linux, with knowledge of GPO, Active Directory, system hardening, and CIS benchmarks.
Intermediate spreadsheet skills (Excel or Google Sheets).
Benefits
Health insurance;
Dental insurance;
TotalPass — physical health and wellness;
Childcare allowance per child;
Empresa Cidadã: 6-month maternity leave;
Home office allowance for fully remote employees;
Flash Card — greater flexibility;
Work arrangements: On-site, Hybrid, or Remote;
Day Off — one day off to celebrate your birthday;
Profit Sharing (PLR);
Quarterly Revenue Target (MFT);
Internal training/course program.
Job title
Junior Vulnerability Management and Compliance Analyst