Cyber Security Engineer

September 10

Apply Now

Receive Emails with Similar Jobs

Verifone

WebsiteLinkedInAll Job Openings

Verifone solves the world’s most complex payment challenges every day.

global electronic payment solutions leader • payment security • mobile payments • digital media

5001 - 10000

Description

• The Cyber Security Engineer will be responsible for designing, implementing, and maintaining security measures to protect our organization’s computer systems, networks, and data. • Help develop and implement security policies, protocols, and procedures. • Conduct regular security assessments, vulnerability scans, and penetration testing. • Design and implement security solutions, including firewalls, intrusion detection/prevention systems, and encryption technologies. • Prepare and present reports on security status and incidents to management. • Stay current with the latest security trends, threats, and technology solutions. • Understands, reviews, and interprets vulnerability assessment and scanning results, reduce false positive findings, and act as security advisor to business unit partners. • Create detailed risk assessment reports which explain identified technical and logical security findings, describes potential business risks, and presents prioritized recommendations. • Develop and maintain documentation for security processes and compliance requirements. • Contribute to the ongoing enhancement of the company's security assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables. • Maintain knowledge with current emerging technologies and advancements within Cybersecurity. • Provide expertise and solutions for others as a subject matter expert. • Monitor and enforce guidelines for best practices in security and compliance. • Orchestrate daily compliance requirements and tasks as required. • Review and respond to escalated security events. • Proactively hunt for vulnerabilities and threats within our environment. • Maintain knowledge of adversary tactics, techniques, and procedures (TTP). • Provide timely and relevant updates to appropriate stakeholders and decision makers. • Monitor and analyze security systems to detect and respond to security incidents. • Investigate security breaches and other security-related incidents. • Ensure the organization's adherence to the Payment Card Industry Data Security Standard (PCI DSS) requirements. • Conduct regular PCI DSS gap analysis and risk assessments to identify vulnerabilities. • Develop and implement remediation plans to address PCI DSS compliance issues. • Maintain and update PCI DSS compliance documentation, including policies, procedures, and security controls. • Conduct internal audits and readiness assessments to prepare for PCI DSS certification. • Work with external Qualified Security Assessors (QSAs) during official PCI DSS assessments. • Provide guidance and training to staff on PCI DSS requirements and best practices. • Monitor and manage PCI DSS compliance status and report to senior management. • Stay current with changes and updates to PCI DSS standards and ensure ongoing compliance. • Coordinate with external auditors and regulatory bodies during security audits and assessments. • Collaborate with IT and other departments to ensure comprehensive security strategies. • Manage and maintain Host Security Modules (HSM) to ensure the secure generation, storage, and usage of cryptographic keys. • Implement and enforce policies and procedures for cryptographic key management, including key generation, distribution, rotation, and destruction. • Ensure the secure handling and storage of cryptographic keys in compliance with industry standards and regulations. • Conduct regular audits of cryptographic key management processes to ensure compliance and identify areas for improvement. • Collaborate with internal teams to integrate HSM solutions with applications and systems. • Provide technical expertise and support for cryptographic key management and HSM-related issues. • Conduct regulation audits related to relevant regulations and standards (e.g., GDPR, ISO/IEC 27001, DORA, NIS2, and BaFin).

Requirements

• Bachelor’s degree in computer science or related field • 2+ years of hands-on experience with the design, implementation, and operation of enterprise vulnerability management. • 2+ years’ experience supporting diverse IT systems, processes, or capabilities in large organizations • 2+ years of solid understanding of industry best practices for hands on, security vulnerability remediation. • 2+ years with SCCM, WSUS (or other, similar tools) running in an enterprise environment. • 2+ years in scripting of packaged installation of patches, software, and configuration changes, including the knowledge and ability to write PowerShell scripts needed to automate patch management processes. • Extensive experience with core vulnerability management scanners (e.g. Qualys, Tenable etc.). • Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level. • Technical understanding of a range of enterprise IT and cloud-based architectures and technologies such as networking, server infrastructure, operating systems, web applications, databases, containerization, mobile. • Preferred certifications: Net+, Security+, OSCP, CEH, CISSP, GIAC (GSEC, GEVA, GPEN etc.)