Cyber Security Engineer

September 10

Verifone

global electronic payment solutions leader • payment security • mobile payments • digital media

5001 - 10000 employees

Founded 1981

💳 Fintech

🛒 Retail

🏢 Enterprise

Description

• The Cyber Security Engineer will be responsible for designing, implementing, and maintaining security measures to protect our organization’s computer systems, networks, and data.
• Help develop and implement security policies, protocols, and procedures.
• Conduct regular security assessments, vulnerability scans, and penetration testing.
• Design and implement security solutions, including firewalls, intrusion detection/prevention systems, and encryption technologies.
• Prepare and present reports on security status and incidents to management.
• Stay current with the latest security trends, threats, and technology solutions.
• Understand, review, and interpret vulnerability assessment and scanning results, reduce false-positive findings, and act as security advisor to business unit partners.
• Create detailed risk assessment reports that explain identified technical and logical security findings, describe potential business risks, and present prioritized recommendations.
• Develop and maintain documentation for security processes and compliance requirements.
• Contribute to the ongoing enhancement of the company's security assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables.
• Maintain knowledge of current emerging technologies and advancements within cybersecurity.
• Provide expertise and solutions for others as a subject matter expert.
• Monitor and enforce guidelines for best practices in security and compliance.
• Orchestrate daily compliance requirements and tasks as required.
• Review and respond to escalated security events.
• Proactively hunt for vulnerabilities and threats within our environment.
• Maintain knowledge of adversary tactics, techniques, and procedures (TTPs).
• Provide timely and relevant updates to appropriate stakeholders and decision makers.
• Monitor and analyze security systems to detect and respond to security incidents.
• Investigate security breaches and other security-related incidents.
• Ensure the organization's adherence to the Payment Card Industry Data Security Standard (PCI DSS) requirements.
• Conduct regular PCI DSS gap analysis and risk assessments to identify vulnerabilities.
• Develop and implement remediation plans to address PCI DSS compliance issues.
• Maintain and update PCI DSS compliance documentation, including policies, procedures, and security controls.
• Conduct internal audits and readiness assessments to prepare for PCI DSS certification.
• Work with external Qualified Security Assessors (QSAs) during official PCI DSS assessments.
• Provide guidance and training to staff on PCI DSS requirements and best practices.
• Monitor and manage PCI DSS compliance status and report to senior management.
• Stay current with changes and updates to PCI DSS standards and ensure ongoing compliance.
• Coordinate with external auditors and regulatory bodies during security audits and assessments.
• Collaborate with IT and other departments to ensure comprehensive security strategies.
• Manage and maintain Host Security Modules (HSM) to ensure the secure generation, storage, and usage of cryptographic keys.
• Implement and enforce policies and procedures for cryptographic key management, including key generation, distribution, rotation, and destruction.
• Ensure the secure handling and storage of cryptographic keys in compliance with industry standards and regulations.
• Conduct regular audits of cryptographic key management processes to ensure compliance and identify areas for improvement.
• Collaborate with internal teams to integrate HSM solutions with applications and systems.
• Provide technical expertise and support for cryptographic key management and HSM-related issues.
• Conduct regulatory audits related to relevant regulations and standards (e.g., GDPR, ISO/IEC 27001, DORA, NIS2, and BaFin).

Requirements

• Bachelor’s degree in computer science or related field.
• 2+ years of hands-on experience with the design, implementation, and operation of enterprise vulnerability management.
• 2+ years’ experience supporting diverse IT systems, processes, or capabilities in large organizations.
• 2+ years of solid understanding of industry best practices for hands-on security vulnerability remediation.
• 2+ years with SCCM, WSUS (or other, similar tools) running in an enterprise environment.
• 2+ years in scripting of packaged installation of patches, software, and configuration changes, including the knowledge and ability to write PowerShell scripts needed to automate patch management processes.
• Extensive experience with core vulnerability management scanners (e.g., Qualys, Tenable, etc.).
• Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.
• Technical understanding of a range of enterprise IT and cloud-based architectures and technologies such as networking, server infrastructure, operating systems, web applications, databases, containerization, and mobile.
• Preferred certifications: Net+, Security+, OSCP, CEH, CISSP, GIAC (GSEC, GEVA, GPEN, etc.).
