Role Description:
We are looking for a Senior Security Engineer with extensive experience securing a Payment Card Industry (PCI) environment. This Senior Security Engineer will be responsible for securing the company applications, hardware, software, operating systems, and all other infrastructure systems. This position will facilitate integration with various enterprise IT teams to ensure projects and company initiatives are conducted according to company information security standards. You’ll also advise IT staff, risk management stakeholders, managers and staff regarding Information Security policies during IT project initiatives. This Senior Security Engineer will champion Information Security projects including security audits (PCI, SSAE-18, etc.), with a focus on application security, cloud security, automation, risk analysis, vulnerability testing and security reviews on Tickets.com infrastructure and systems.
? Be passionate about securing systems in a dynamic environment
? Ability to interface with all levels of employees up to executive level
? Ability to work both independently with little supervision and in a team environment
? Must be articulate and communicate effectively, both in written and oral formats
? Exercise troubleshooting and problem-solving skills
? Excellent attention to detail and organization skills
? Ability to maintain and meet schedules
Technologies and Experience:
? Bachelor of Science in Engineering or Computer Science (or equivalent) is required
? At least five (5) years of information security operations, information security architecture and security policy management and experience with:
? Lead role for security compliance efforts and company audits (e.g., PCIDSS, SSAE-18).
? Product release vulnerability and gap assessments per product release to support the company SDLC practices in addition to company security policies.
? Corporate wide vulnerability and gap assessments in order to create appropriate recommendations which result and ensure adequate levels of service and security.
? Implementing, configuring and administering SIEM products to ensure proper visibility into the environment and compliance requirements.
? Responsible for incident response escalation and process management.
? Developing and delivering information security training materials and performing annual security awareness including software development specific security trainings.
? Evaluate and recommend new and emerging security products and technologies by identifying and coordinating implementation of other security program elements such as patch policy, disaster recovery, fraud prevention and security incident response.
? Strong understanding of web-based applications and ability to troubleshoot load balanced, multi-tier application and container environment.
? Experience with cloud deployments (AWS, Azure, Oracle Cloud, and general IaaS, SaaS, PaaS deployments) with a focus on security
? Knowledgeable in Postman, Ansible, Python or other scripting languages for system automation.
? Key technical traits:
? Application and Infrastructure vulnerability testing - Rapid7 InsightVM
? Company-wide log and event monitoring - Splunk Enterprise
? Secured Application Access and control - Okta Identitiy Management
? Real time monitoring and auditing - SNORT, OSSEC
? Web Application Firewall solutions – ModSec
? Cryptographic management and solutions – SSL, IPSEC, HSM