Cyber Security Engineer - Remote

Posted:
9/8/2024, 9:08:56 PM

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security

Why Verifone

For more than 30 years Verifone has established a remarkable record of leadership in the electronic payment technology industry. Verifone has one of the leading electronic payment solutions brands and is one of the largest providers of electronic payment systems worldwide.

Verifone has a diverse, dynamic and fast paced work environment in which employees are focused on results and have opportunities to excel. We take pride in the fact that we work with leading retailers, merchants, banks, and third party partners to invent and deliver innovative payments solution around the world. We strive for excellence in our products and services, and are obsessed with customer happiness. Across the globe, Verifone employees are leading the payments industry through experience, innovation, and an ambitious spirit. Whether it’s developing the next platform of secure payment systems or searching for new ways to bring electronic payments to new markets, the team at Verifone is dedicated to the success of our customers, partners and investors. It is this passion for innovation that drives each one of our employees for personal and professional success.

What's exciting about the role

The Cyber Security Engineer will be responsible for designing, implementing, and maintaining security measures to protect our organization's computer systems, networks, and data. The ideal candidate will have a deep understanding of cyber security methodologies, a strong technical background, and the ability to stay ahead of emerging security threats.

General Responsibilities:

  • Help develop and implement security policies, protocols, and procedures.
  • Conduct regular security assessments, vulnerability scans, and penetration testing.
  • Design and implement security solutions, including firewalls, intrusion detection/prevention systems, and encryption technologies.
  • Prepare and present reports on security status and incidents to management.
  • Stay current with the latest security trends, threats, and technology solutions.
  • Understands, reviews, and interprets vulnerability assessment and scanning results, reduce false positive findings, and act as security advisor to business unit partners.
  • Creates detailed risk assessment reports which explain identified technical and logical security findings, describes potential business risks, and presents prioritized recommendations.
  • Develop and maintain documentation for security processes and compliance requirements.
  • Contributes to the ongoing enhancement of the company's security assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables.
  • Maintains knowledge with current emerging technologies and advancements within Cybersecurity.
  • Provides expertise and solutions for others as a subject matter expert.
  • Monitor and enforce guidelines for best practices in security and compliance.
  • Orchestrate daily compliance requirements and tasks as required.
  • Review and respond to escalated security events.
  • Proactively hunting for vulnerabilities and threats within our environment.
  • Maintain knowledge of adversary tactics, techniques, and procedures (TTP).
  • Provide timely and relevant updates to appropriate stakeholders and decision makers.
  • Monitor and analyze security systems to detect and respond to security incidents.
  • Investigate security breaches and other security-related incidents.

PCI DSS Responsibilities:

  • Ensure the organization's adherence to the Payment Card Industry Data Security Standard (PCI DSS) requirements.
  • Conduct regular PCI DSS gap analysis and risk assessments to identify vulnerabilities.
  • Develop and implement remediation plans to address PCI DSS compliance issues.
  • Maintain and update PCI DSS compliance documentation, including policies, procedures, and security controls.
  • Conduct internal audits and readiness assessments to prepare for PCI DSS certification.
  • Work with external Qualified Security Assessors (QSAs) during official PCI DSS assessments.
  • Provide guidance and training to staff on PCI DSS requirements and best practices.
  • Monitor and manage PCI DSS compliance status and report to senior management.
  • Stay current with changes and updates to PCI DSS standards and ensure ongoing compliance.
  • Coordinate with external auditors and regulatory bodies during security audits and assessments.
  • Collaborate with IT and other departments to ensure comprehensive security strategies.

HSM and Crypto Key Responsibilities:

  • Manage and maintain Host Security Modules (HSM) to ensure the secure generation, storage, and usage of cryptographic keys.
  • Implement and enforce policies and procedures for cryptographic key management, including key generation, distribution, rotation, and destruction.
  • Ensure the secure handling and storage of cryptographic keys in compliance with industry standards and regulations.
  • Conduct regular audits of cryptographic key management processes to ensure compliance and identify areas for improvement.
  • Collaborate with internal teams to integrate HSM solutions with applications and systems.
  • Provide technical expertise and support for cryptographic key management and HSM-related issues.
  • Stay current with advancements in cryptographic technologies and best practices.

Other Regulation Responsibilities:

  • Conduct regulation audits related to relevant regulations and standards (e.g., GDPR, ISO/IEC 27001, DORA, NIS2, and BaFin).
  • Ensure compliance with relevant regulations and standards (e.g., PCI DSS, GDPR, ISO/IEC 27001, DORA, NIS2, and BaFin).

Skills and Experience we desire

  • Bachelor’s degree in computer science or related field
  • 2+ years of hands-on experience with the design, implementation, and operation of enterprise vulnerability management.
  • 2+ years’ experience supporting diverse IT systems, processes, or capabilities in large organizations
  • 2+ years of solid understanding of industry best practices for hands on, security vulnerability remediation.
  • 2+ years with SCCM, WSUS (or other, similar tools) running in an enterprise environment.
  • 2+ years in scripting of packaged installation of patches, software, and configuration changes, including the knowledge and ability to write PowerShell scripts needed to automate patch management processes.
  • Extensive experience with core vulnerability management scanners (e.g. Qualys, Tenable etc.).
  • Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.
  • Technical understanding of a range of enterprise IT and cloud-based architectures and technologies such as networking, server infrastructure, operating systems, web applications, databases, containerization, mobile.
  • Preferred certifications: Net+, Security+, OSCP, CEH, CISSP, GIAC (GSEC, GEVA, GPEN etc.)

Additional Skills we desire

  • An understanding of mapping and scanning applications and systems, including port scanning, identifying services and configurations, spidering, application flow charting, and session analysis
  • Technical understanding of current cybersecurity threats and trends
  • Knowledge and experience with the Windows and Linux operating systems
  • Familiarity with Metasploit, Contrast, AppSpider, Burp Suite, ZAP, and PumaScan.
  • Experience using Python, Ruby, Perl, PowerShell, BASH, or an equivalent language.
  • Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities.
  • Ability to research, analyze data, and derive facts.
  • Familiarity with automated tools used to discover system and web application vulnerabilities such as Nmap, Qualys, rapid seven etc.…
  • Knowledge of system and/or web application vulnerabilities and risk assessment methodologies such as Common Vulnerability Scoring System (CVSS) or Open Web Application Security Project (OWASP) Risk Rating Methodology
  • Strong technical skills related to at least one of the following areas: information security, HSM key management, network security, Windows security, UNIX/Linux security, and web application security.
  • Able to multitask, prioritize, and resolve multiple inquiries at once.
  • Excellent communication (oral and written), interpersonal, organizational, and presentation skills.
  • Strong work ethic and self-motivation.
  • Ability to work independently, be creative, results-oriented, and adaptable, and have strong written and verbal communication skills.

Our commitment

Verifone is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Verifone is also committed to compliance with all fair employment practices regarding citizenship and immigration status.