Technical Advisor II, Risk and Compliance Engineering
Columbus, Georgia, USA
Applications have closed
Global Payments
Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
Description:
- Analyzes technical vulnerabilities to be remediated in collaboration with internal stakeholders
- Utilizes in-depth business and technical understanding of various application systems, security and compliance protocols to develop and implement solutions to identify and remediate security vulnerabilities
- Identifies issues that can be actioned upon based on reviewing automated or adhoc reporting over various applications, infrastructures, and systems
- Performs analysis from securing scans and vulnerability reporting across various applications and infrastructures with an understanding on how to meet business and compliance needs based on industry standards and system requirements
- Identifies and coordinates with key stakeholders across those identified applications, infrastructure, and systems to ensure remediation and resolution of identified issues based on a solid understanding of applicable business/technology systems and industry requirements
- Works through issue resolution and/or mitigation from inception to completion
- Ensures appropriate documentation and mitigation/remediation plans are developed and provided for key vulnerabilities
- Contributes to the implementation of a comprehensive vulnerability reporting framework which supports the remediation of security vulnerabilities
- Provides engineering and technical assistance on vulnerability security scans, penetration testing, vulnerability analysis, scan analysis, and/or security analysis
- Collaborates with stakeholders to design and implement automated measure to ensure security and compliance requirements are embedded within existing and newly developed applications and infrastructure
Minimum Qualifications:
- Strong technical aptitude with highly effective technical communications skills (verbal and written) to collaborate with technology teams and owners to ensure issue resolution/mitigation for identified vulnerabilities
- Knowledge of infrastructure (server) and network systems and capabilities; Windows and Linux operating systems
- Understanding of change management and secure code development practices and lifecycle
- Knowledge of Asset Management concepts and governance models
- Knowledge of various security scans, including but not limited to DAST (dynamic), SAST (static), (software composition analysis), infrastructure scans, penetration testing
- Proficient in creating, enhancing, and documenting policies and procedures
- Strong understanding of incident management processes
- Ability to work effectively in high-pressure situations
- Excellent design, problem solving and debugging skills
- Strong networking, organizational and prioritization skills with a desire to learn
- Strong interpersonal skills and ability to work effectively with diverse and distributed teams
- Qualified applicants must hold a four-year degree in an engineering, computer science or technical discipline OR an equivalent combination of education and experience
- Occasional travel may be required; less than 10%
Education Experience Minimum Qualifications
- Bachelor's Degree
- Relevant Experience or Degree in: IT, Computer Science, MIS or Business or equivalent work experience, such as relevant technical background and/or work product/SME knowledge in lieu of a degree
- Typically Minimum 8 Years Relevant Exp
- Designing and problem solving
Preferred Qualifications
- Ability to assess security risk, controls, and compliance in a variety of situations, architectures, and solutions. Experience with controls definition, development, implementation and assessment.
- Software/infrastructure engineering experience
- Knowledge of IT security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy
- Developer experience in Python, Java, JavaScript, and/or C# preferred
- Developer experience with source code repositories, Bitbucket a plus
- Experience with collaboration tools, Jira/Confluence a plus.
- Experience with CI/CD Tools, Jenkins, Maven and Groovy a plus.
- Knowledge of IT security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy
- Strong understanding of industry frameworks and best practices (ex. NIST, ISO, CIS, etc.)
- Strong understanding of container ecosystems (Docker, Kubernetes, etc)
- Understanding of cloud environments (AWS, GCP, Azure) and integrating security controls through DevOps and Infrastructure as a Service (IaaS) techniques
- Database experience with Oracle, SQL Server, Postgresql, and others.
- Industry Security Knowledge of OWASP Top 10, Sans Top 25, PCI DSS.
Global Payments Inc. is an equal opportunity employer.
Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security AWS Azure Bitbucket C CI/CD Cloud Compliance Computer Science Confluence DAST DevOps Docker GCP Governance IaaS Java JavaScript Jira Kubernetes Linux Maven NIST Oracle OWASP PCI DSS Pentesting PostgreSQL Privacy Python SANS SAST Security analysis SQL SQL Server Vulnerabilities Windows
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs