Cybersecurity Engineer

For more than 30 years Verifone has established a remarkable record of leadership in the electronic payment technology industry. Verifone has one of the leading electronic payment solutions brands and is one of the largest providers of electronic payment systems worldwide.
Verifone has a diverse, dynamic and fast paced work environment in which employees are focused on results and have opportunities to excel. We take pride in the fact that we work with leading retailers, merchants, banks, and third party partners to invent and deliver innovative payments solutions around the world.
What's exciting about the roleThe Cyber Security Engineer will be responsible for designing, implementing, and maintaining security measures to protect our organization's computer systems, networks, and data. The ideal candidate will have a deep understanding of cyber security methodologies, a strong technical background, and the ability to stay ahead of emerging security threats.
General ResponsibilitiesGeneric Responsibilities: Help develop and implement security policies, protocols, and procedures.Conduct regular security assessments, vulnerability scans, and penetration testing.Design and implement security solutions, including firewalls, intrusion detection/prevention systems, and encryption technologies.Prepare and present reports on security status and incidents to management.Stay current with the latest security trends, threats, and technology solutions.Understand, review, and interpret vulnerability assessment and scanning results; reduce false positive findings, and act as security advisor to business unit partners.Create detailed risk assessment reports which explain identified technical and logical security findings, describe potential business risks, and present prioritized recommendations.Develop and maintain documentation for security processes and compliance requirements.Contribute to the ongoing enhancement of the company's security assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables.Maintain knowledge of current emerging technologies and advancements within Cybersecurity.Provide expertise and solutions for others as a subject matter expert.Monitor and enforce guidelines for best practices in security and compliance.Orchestrate daily compliance requirements and tasks as required.Review and respond to escalated security events.Proactively hunt for vulnerabilities and threats within our environment.Maintain knowledge of adversary tactics, techniques, and procedures (TTP).Provide timely and relevant updates to appropriate stakeholders and decision makers.Monitor and analyze security systems to detect and respond to security incidents.Investigate security breaches and other security-related incidents.PCI DSS Responsibilities: Ensure the organization's adherence to the Payment Card Industry Data Security Standard (PCI DSS) requirements.Conduct regular PCI DSS gap analysis and risk assessments to identify vulnerabilities.Develop and implement remediation plans to address PCI DSS compliance issues.Maintain and update PCI DSS compliance documentation, including policies, procedures, and security controls.Conduct internal audits and readiness assessments to prepare for PCI DSS certification.Work with external Qualified Security Assessors (QSAs) during official PCI DSS assessments.Provide guidance and training to staff on PCI DSS requirements and best practices.Monitor and manage PCI DSS compliance status and report to senior management.Stay current with changes and updates to PCI DSS standards and ensure ongoing compliance.Coordinate with external auditors and regulatory bodies during security audits and assessments.Collaborate with IT and other departments to ensure comprehensive security strategies.HSM and Crypto Key Responsibilities: Manage and maintain Host Security Modules (HSM) to ensure the secure generation, storage, and usage of cryptographic keys.Implement and enforce policies and procedures for cryptographic key management, including key generation, distribution, rotation, and destruction.Ensure the secure handling and storage of cryptographic keys in compliance with industry standards and regulations.Conduct regular audits of cryptographic key management processes to ensure compliance and identify areas for improvement.Collaborate with internal teams to integrate HSM solutions with applications and systems.Provide technical expertise and support for cryptographic key management and HSM-related issues.Stay current with advancements in cryptographic technologies and best practices.Other Regulation Responsibilities: Conduct regulation audits related to relevant regulations and standards (e.g., GDPR, ISO/IEC 27001, DORA, NIS2, and BaFin).Ensure compliance with relevant regulations and standards (e.g., PCI DSS, GDPR, ISO/IEC 27001, DORA, NIS2, and BaFin).Skills and experience we desireBachelor's degree in computer science or related field.2-3+ years of hands-on experience with the design, implementation, and operation of enterprise vulnerability management.2-3+ years' experience supporting diverse IT systems, processes, or capabilities in large organizations.2-3+ years of solid understanding of industry best practices for hands-on security vulnerability remediation.2-3+ years with SCCM, WSUS (or other, similar tools) running in an enterprise environment.2-3+ years in scripting of packaged installation of patches, software, and configuration changes, including the knowledge and ability to write PowerShell scripts needed to automate patch management processes.Extensive experience with core vulnerability management scanners (e.g. Qualys, Tenable etc.).Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level.Technical understanding of a range of enterprise IT and cloud-based architectures and technologies such as networking, server infrastructure, operating systems, web applications, databases, containerization, mobile.Preferred certifications: Net+, Security+, OSCP, CEH, CISSP, GIAC (GSEC, GEVA, GPEN etc.)Our commitmentVerifone is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Verifone is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
#J-18808-Ljbffr