Job Description
Position Overview:
We are seeking an experienced Security Compliance Engineer to join our team and ensure that our API services, particularly those integrating with payment gateways, are fully compliant with industry security standards, including PCI DSS (Payment Card Industry Data Security Standard). The ideal candidate will have a strong background in security engineering, a deep understanding of compliance frameworks, and the ability to work closely with development teams to implement secure and compliant systems.
Key Responsibilities:
- PCI DSS Compliance: Ensure that all aspects of our API services meet PCI DSS requirements. Conduct regular assessments, gap analysis, and provide remediation strategies.
- Security Controls Implementation: Design, implement, and manage security controls across the API development lifecycle to protect sensitive data and ensure compliance with industry standards.
- Risk Management: Identify potential security risks within the API services and infrastructure. Develop and implement risk mitigation strategies.
- Secure Code Review: Collaborate with development teams to perform secure code reviews, ensuring that APIs follow secure coding practices and comply with PCI DSS.
- Vulnerability Management: Conduct regular vulnerability scans, penetration testing, and security assessments on the API services. Work with development teams to remediate identified vulnerabilities.
- Incident Response: Develop and maintain incident response plans for security breaches related to API services. Lead incident investigations and ensure proper documentation and reporting.
- Audit Preparation: Prepare and maintain documentation for PCI DSS audits and other security compliance audits. Work with auditors to demonstrate compliance and address any findings.
- Training and Awareness: Provide training and guidance to development and operations teams on security best practices and compliance requirements. Foster a culture of security within the organization.
- Collaboration: Work closely with cross-functional teams, including DevOps, IT, and legal, to ensure that security and compliance are integrated into all aspects of the software development lifecycle.
Required Qualifications:
- Education: Bachelor’s degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISA, CISM, PCI QSA) are highly desirable.
- Experience:
- 5+ years of experience in security engineering or security compliance roles.
- Proven experience with PCI DSS compliance and audit processes.
- Strong understanding of API security best practices, secure coding, and encryption techniques.
- Technical Skills:
- Hands-on experience with security tools such as vulnerability scanners, penetration testing tools, and SIEM systems.
- Proficiency in security standards and frameworks, including PCI DSS, ISO 27001, NIST, and GDPR.
- Familiarity with cloud security, particularly in AWS environments, and securing cloud-native applications.
- Soft Skills:
- Strong problem-solving skills and the ability to work under pressure.
- Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
- A proactive mindset with a focus on continuous improvement and staying up-to-date with the latest security trends and technologies.
Preferred Qualifications:
- Experience with DevSecOps practices and integrating security into CI/CD pipelines.
- Knowledge of data privacy regulations and their implications on API services.
- Experience working in a fast-paced, agile development environment.