Job Title: Cyber Security Engineer
Location: Virtual, PA
Type: Full Time
Salary: $Open (Base)
Job Summary
This role supports the Client’s Business Enterprise Solutions teams and the PCI-as-a-Service/Security-as-a-Service areas. Responsible for incorporating operational and compliance monitoring of security controls and policies, review of security logs, reconciling security events, escalation of security violations or lack of timely remediation, risk assessment and risk management principles. Implements strategies and maintains subject matter expertise on industry best practices, particularly PCI. Ensures continuous measurement and communication of required metrics. Integrates knowledge of business and functional priorities.
Job Description
Core Responsibilities
- Manage day to day operations and service level agreements from the 3rd party security vendor to meet customer obligations.
- Coordinate the deployment of agents within client environment and work with client and 3rd party security vendor to configure the agent for monitoring of sensitive files and folders, and ensure centralized reporting.
- Ensure continuous compliance of controls (e.g. agents continue to report-in, device log health, etc.)
- Review daily log file reports from 3rd party security vendor and highlight potential errors or anomalies. Investigate and escalate issues to relevant information security, technology, operations team within Client’s for Client’s managed devices, or escalate to client for devices outside of Client’s managed services scope.
- Review or conduct monthly internal and external vulnerability scans. Escalate to relevant information security, technology, operations team within Client’s for Client’s managed devices, or escalate to client for devices outside of Client’s managed services scope. Launch or work with 3rd party security vendor to launch maintenance scans to ensure passing scans. Summarize status, findings and trends to internal and external leadership.
- Coordinate annual internal and external penetration tests with client and 3rd party security vendor. Escalate to relevant information security, technology, operations team within Client’s for Client’s managed devices, or escalate to client for devices outside of Client’s managed services scope. Launch or work with 3rd party security vendor to launch maintenance scans to ensure passing scans. Summarize status, findings and trends to internal and external leadership.
- Coordinate annual Self Assessment Questionnaire (SAQ) PCI-DSS requirement with clients and 3rd party security vendor. Provide on-demand SAQ portal support to clients in coordination with 3rd party security vendor. Report status, findings and trends to internal and external leadership.
- Coordinate system accessibility for Client’s and Client, and ensure access is appropriate and managed.
- Create or contribute to the development of policies and procedures related to assigned information security processes. Develops consistent and repeatable processes to support day to day operations and meet service levels. Develops, publishes, and communicates operating procedures and guidelines along, with any relevant policies and standard to support the assigned information security processes.
- Compile metrics for key processes to allow for accurate status reporting and trending to assist in review of current processes, and identify areas for performance/continuous improvement.
- Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.
- Other duties and responsibilities as assigned.
- Ability to travel up to approximately 15% (Domestic USA)
Employees at all levels are expected to:
- Understand our Operating Principles; make them the guidelines for how you do your job.
- Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
- Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
- Win as a team - make big things happen by working together and being open to new ideas.
- Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
- Drive results and growth.
- Respect and promote inclusion & diversity.
- Do what's right for each other, our customers, investors and our communities.
Education Level: Bachelor’s Degree or Equivalent in technology or security field
Field of Study: Information Sciences, Technology
Certifications: PCI ISA, CISSP, CRISC or CISM
Years of Experience: Generally requires 7-10 years of information security experience
Skills:
- Working knowledge of PCI DSS. Familiarity with other security/industry standards (e.g. NIST, CVSSv3, OWASP etc.)
- Hands-on experience with the remediation of security vulnerabilities
- Excellent written and verbal communication skills
Requirements
Certifications: PCI ISA, CISSP, CRISC or CISM
Years of Experience: Generally requires 7-10 years of information security experience
Skills:
- Working knowledge of PCI DSS. Familiarity with other security/industry standards (e.g. NIST, CVSSv3, OWASP etc.)
- Hands-on experience with the remediation of security vulnerabilities
- Excellent written and verbal communication skills