PCI and Security Engineer

Posted:
10/28/2024, 9:34:23 AM

Location(s):
Florida, United States ⋅ Clearwater, Florida, United States

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
IT & Security ⋅ Software Engineering

Why Verifone

For more than 30 years Verifone has established a remarkable record of leadership in the electronic payment technology industry. Verifone has one of the leading electronic payment solutions brands and is one of the largest providers of electronic payment systems worldwide.

Verifone has a diverse, dynamic and fast-paced work environment in which employees are focused on results and have opportunities to excel. We take pride in the fact that we work with leading retailers, merchants, banks, and third-party partners to invent and deliver innovative payment solutions around the world. We strive for excellence in our products and services, and are obsessed with customer happiness. Across the globe, Verifone employees are leading the payments industry through experience, innovation, and an ambitious spirit. Whether it’s developing the next platform of secure payment systems or searching for new ways to bring electronic payments to new markets, the team at Verifone is dedicated to the success of our customers, partners and investors. It is this passion for innovation that drives each one of our employees toward personal and professional success.

What's exciting about the role

The Petro PCI & Security Engineer is responsible for ensuring the security and compliance of Petro's payment processing systems and applications. This role requires a deep understanding of PCI DSS standards, security best practices, and the specific challenges and requirements of the petroleum industry. The engineer will work closely with various teams within Petro to implement and maintain security measures, address customer security concerns, and facilitate compliance with regulatory requirements.

PCI-SSS

  • Validate Petro Commander applications and Petro cloud solution C-Site AOCs for compliance with PCI-SSS standards.
  • Conduct SSLC validation on an as-needed basis.
  • Maintain related documentation and manage annual training for the engineering team.

PCI-DSS

  • Oversee annual PCI-DSS compliance for Petro Client Services ROC (Helpdesk).
  • Create and maintain a responsibility matrix for PCI-DSS compliance.
  • Manage annual training requirements for all Petro support staff.
  • Monitor AOCs for TPSPs used by Verifone.
  • Support the VCS environment (Bastion host).

Customer Interaction

  • Address customer security assessment and penetration testing queries.
  • Respond to customer topology questions or issues.
  • Actively participate in Conexxus security working groups.
  • Address miscellaneous security questions.

Petro Engineering and Security

  • Provide guidance to engineering teams on security impact and prioritization of features.
  • Stay updated on PCI and security changes and raise appropriate tickets for engineering implementation.
  • Facilitate vulnerability assessment (VA) of Commander with each release.
  • Facilitate external penetration testing of Commander and C-Site annually.
  • Maintain and manage Commander support accounts.
  • Maintain and manage internal penetration testing tools.
  • Collaborate with the OS team to address CMDR OS CVEs.

Legal

  • Assist with security-related matters in Petro contracts, schedules, and amendments.
  • Coordinate customer requests for Petro AOCs.
  • Serve as lead analyst for any Petro (or customer) forensic investigations, network breaches, or security notifications.
  • Serve as a liaison between Petro and other internal Verifone teams to ensure security consistency.

Skills and Experience we desire

  • Bachelor's degree in computer science, information security, or a related field.
  • Certification in PCI DSS (e.g., PCI DSS Qualified Security Assessor (QSA)) and security management (e.g., Certified Information Systems Security Professional (CISSP)).
  • Minimum of 5 years of experience in information security engineering, with a focus on payment card industry security.
  • Strong understanding of PCI DSS standards, security best practices, and risk management methodologies.
  • Experience with vulnerability assessment, penetration testing, and incident response.
  • Knowledge of network security, cryptography, and access control systems.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Strong analytical and problem-solving skills.
  • Experience in the petroleum industry.
  • Familiarity with cloud security and compliance frameworks.
  • Knowledge of scripting languages (e.g., Python, PowerShell).
  • Experience with security incident response and forensics.

Our commitment

Verifone is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Verifone is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
