POSITION SUMMARY: The client is looking for a seasoned engineer who believes that security is essential and that supporting business goals is critical. The engineer leads the development of the PCI Governance program and demonstrates competency in complex IT security concepts and their application in achieving PCI compliance requirements. The role also calls for an individual who is flexible in taking on additional security responsibilities in between delivering PCI milestones.

POSITION RESPONSIBILITIES:
• Develop, document and implement new data protection policies, standards and processes to align with the desired security compliance framework
• Develop, document and implement internal controls testing and evidence documentation
• Assist with audits and contribute to enhancement of the audit program and processes
• Support the vendor security risk management function and assessment of current and potential vendors for security risks
• Develop and perform periodic monitoring over various compliance processes throughout the company
• Other responsibilities as identified and assigned
• Advanced knowledge of PCI DSS v3.2 compliance requirements and their implementation
• Manage the development and use of techniques, procedures, and utilities for assessing risks to the company's sensitive information systems
• Conduct vulnerability assessments, penetration testing, malware analysis, and reverse engineering

POSITION REQUIREMENTS:
• Bachelor's in Information Security, Computer Science, Engineering or similar desired, with 4+ years of professional experience working to secure consumer websites, mobile applications, or large corporate infrastructure a must
• Demonstrated ability to manage complex security environments with multi-site WAN, LAN and WLAN infrastructure
• Experience identifying Information Protection needs and defining System Security Requirements; designing System Security Architecture; developing detailed Security Designs, all while understanding business impact
• Prior technical and operational networking experience with FWs, VPNs, load balancers, IDS, web applications, application proxies, SSL
• Knowledge of vulnerabilities in Linux, Mac OS and Windows operating systems, databases, and networks, in relation to hardening, configuration, deployment, and administration
• Knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers
• Knowledge and experience working with PCI DSS requirements is mandatory; experience with security standards and frameworks like ISO 27001 or SSAE16 is desirable
• Experience managing Vulnerability Scanning and Network Penetration testing programs
• Active membership in IT Security user groups, with a security certification (CISSP, CEH, GWAPT, GPEN, OSCP, etc.), will be an added advantage
• Demonstrated experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resulting security risk analysis
• Strong experience with a broad range of security technologies, including next generation firewalls, DLP, FIM, CASB, NAC, IDS/IPS, IdAM, SIEM, Endpoint Protection, Anti-malware
• Effective communication skills, both written and verbal
• Highly self-motivated with ability to tackle challenges without supervision
• Exceptional organizational skills; detail-oriented
• Strong time management skills; ability to juggle priorities; nimble
• Personable and flexible with demands and changes in an extremely fast-moving business environment; ability to quickly and seamlessly switch between strategic and tactical/executional tasks

Desired Qualifications:
• Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
• Knowledge of Palo Alto Networks, Fortinet or similar network security platforms
• Experience with security in cloud provider ecosystems, including Amazon AWS, Microsoft Azure, and OpenStack