Technical Advisor II, Risk and Compliance Engineering - Greendale, United States - Global Payments
Description
Technical Advisor II, Risk and Compliance Engineering
Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services.
Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results.
We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions.
Join our dynamic team and make your mark on the payments technology landscape of tomorrow.Description:
Analyzes technical vulnerabilities to be remediated in collaboration with internal stakeholders
Utilizes in-depth business and technical understanding of various application systems, security and compliance protocols to develop and implement solutions to identify and remediate security vulnerabilities
Identifies issues that can be actioned upon based on reviewing automated or adhoc reporting over various applications, infrastructures, and systems
Performs analysis from securing scans and vulnerability reporting across various applications and infrastructures with an understanding on how to meet business and compliance needs based on industry standards and system requirements
Identifies and coordinates with key stakeholders across those identified applications, infrastructure, and systems to ensure remediation and resolution of identified issues based on a solid understanding of applicable business/technology systems and industry requirements
Works through issue resolution and/or mitigation from inception to completion
Ensures appropriate documentation and mitigation/remediation plans are developed and provided for key vulnerabilities
Contributes to the implementation of a comprehensive vulnerability reporting framework which supports the remediation of security vulnerabilities
Provides engineering and technical assistance on vulnerability security scans, penetration testing, vulnerability analysis, scan analysis, and/or security analysis
Collaborates with stakeholders to design and implement automated measure to ensure security and compliance requirements are embedded within existing and newly developed applications and infrastructure
Minimum Qualifications:
Strong technical aptitude with highly effective technical communications skills (verbal and written) to collaborate with technology teams and owners to ensure issue resolution/mitigation for identified vulnerabilities
Knowledge of infrastructure (server) and network systems and capabilities; Windows and Linux operating systems
Understanding of change management and secure code development practices and lifecycle
Knowledge of Asset Management concepts and governance models
Knowledge of various security scans, including but not limited to DAST (dynamic), SAST (static), (software composition analysis), infrastructure scans, penetration testing
Proficient in creating, enhancing, and documenting policies and procedures
Strong understanding of incident management processes
Ability to work effectively in high-pressure situations
Excellent design, problem solving and debugging skills
Strong networking, organizational and prioritization skills with a desire to learn
Strong interpersonal skills and ability to work effectively with diverse and distributed teams
Qualified applicants must hold a four-year degree in an engineering, computer science or technical discipline OR an equivalent combination of education and experience
Occasional travel may be required; less than 10%
Education Experience Minimum Qualifications
Bachelor's Degree
Relevant Experience or Degree in:
IT, Computer Science, MIS or Business or equivalent work experience, such as relevant technical background and/or work product/SME knowledge in lieu of a degree
Typically Minimum 8 Years Relevant Exp
Designing and problem solving
Preferred Qualifications
Ability to assess security risk, controls, and compliance in a variety of situations, architectures, and solutions. Experience with controls definition, development, implementation and assessment.
Software/infrastructure engineering experience
Knowledge of IT security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy
Developer experience with source code repositories, Bitbucket a plus
Experience with collaboration tools, Jira/Confluence a plus.
Experience with CI/CD Tools, Jenkins, Maven and Groovy a plus.
Knowledge of IT security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy
Strong understanding of industry frameworks and best practices (ex. NIST, ISO, CIS, etc.)
Strong understanding of container ecosystems (Docker, Kubernetes, etc)
Understanding of cloud
environments (AWS, GCP, Azure) and integrating security controls through DevOps and Infrastructure as a Service (IaaS) techniques
Database experience with Oracle, SQL Server, Postgresql, and others.
Industry Security Knowledge of OWASP Top 10, Sans Top 25, PCI DSS.
Global Payments Inc. is an equal opportunity employer.
Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law.
Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.