Senior Security Engineer

As a Senior Security Engineer, you will work closely with stakeholders on security initiatives across the security spectrum as an individual contributor and as a member of the security engineering team. You will assist with the day-to-day information security operations and help with the implementation of the Information Security Strategic Plan to automate and enforce security best practices and comply with privacy regulations, SOC II, and PCI standards.
Success in this role requires a strong passion for cyber security, demonstration of Plastiq GOAT values, and staying abreast of industry trends, standards and love to learn new technologies.

Your Responsibilities

• Implement and Manage Security Tools, EDR, MDM (Intune & JAMF) OS & Software Management
• Manage Cyber Security Response Team, and external Security Service Providers
• Perform daily reviews of different security systems and tools. Analyze security system logs, AWS Security Hub, Splunk logs, Rapid7 Nexpose vulnerability reports, investigate and respond to security incidents
• Manage Third Party Assurance, complete security questionnaires
• Perform detailed information security assessments on Plastiq’s information systems to ensure compliance with various regulations and security standards
• Identify gaps in existing security defenses and recommend, build and implement solutions to address these gaps
• Contribute to security compliance frameworks and support audit activities for PCI, SOC1 & SOC2, ISO27001, etc.
• Research/evaluate emerging cyber security threats and ways to manage them
• Conduct monthly Phishing user awareness campaigns and user education on cyber security including new hire security orientation
• Analyze and create reports based on information gathered from security technology and report to ISO on a daily basis

Your Minimum Required Experience

• 5+ years of security engineering experience, with an understanding of security technologies including Anti-Malware, Web Security, SIEM, IPS/IDS, Firewalls, Threat Intelligence, etc.
• Knowledge of Payment Card Industry (PCI), NIST standards, Sans Top 20, ISO 27000 series, investigating and documenting incidents, and compliance
• CEH, GIAC certifications, CISSP or CISM. Specific vendor security certification can be considered.
• Experience conducting security control assessments or audits. Participating in Internal and External audits.
• Good knowledge of Qualys, AWS Security Hub, Nexpose
• Solid experience with macOS, Windows 10, Jamf, Intune, OKTA, Jira, Slack, Bash and Python 
• Proven ability to maintain security documentation and manuals
• Success at delivering clear and concise verbal or written communication that facilitates a mutual understanding in both parties
• Ability and eagerness to learn new technologies and cross train with other Security/IT staff

Plastiq’s Tech Stack

• Plastiq operates a CI/CD model and releases code to production frequently. We are building cloud-native micro-services with a component-based frontend written in React.js, and a Node.js backend, which sits in front of our Payments Processing Platform built in Java.
• For our testing platforms we use Jest for API & unit backend tests, cypress.io for frontend testing, and Gitlab for our continuous integration and delivery. 
• Plastiq is powered by data. Our data pipeline continuously streams data to Snowflake via AWS Kinesis so our Data Engineering and Analytics team can produce machine-learning models that help drive our business.

Plastiq is a smart payment platform designed for businesses to better manage their payments and cash flow. The platform lets companies maximize their existing credit, pay in whatever way is best for their business—regardless of what payment methods their recipients accept—and get paid by card without the burden of card acceptance fees. Businesses can pay globally in more than 40 countries, and Plastiq works with all major credit card providers, including Mastercard, Visa, American Express, and Discover. Plastiq has millions of customers and has processed billions in payments for a wide range of expenses, from business supplier payments and contractors to taxes and rent. Plastiq has won a number of awards and recognitions, including being named to the 2020 Forbes FinTech 50 and 2020 Bay Area Best Places to Work by the San Francisco Business Journal.