Information Security Engineer
- Redwood City, CA
Merchant e-Solutions (MeS) is an innovative, Internet technology focused payments company providing a full-service payment platform for financial institutions, merchants and developers. By combining the latest technology and industry expertise with a customer centric focus, we continue to innovate easy-to-use solutions for the payment industry.
Currently, Merchant e-Solutions processes more than $14 billion dollars per year in domestic and international payments for more than 65,000 merchants supporting 150 global currencies and all major credit, debit and alternative payment solutions. Merchant e-Solutions' fully-integrated platform makes processing not just easier, but also much more affordable. Unlike other credit card payment systems, our technology, service and support operations are 100% in-house.
Merchant e-Solutions, as of August 2012, is now part of Cielo S.A. Headquartered in San Paulo, Brazil, Cielo is the leading merchant payment processor in Brazil and Latin America and one of the largest payment processors worldwide. MeS is headquartered in Redwood City, California, with operations in Spokane, Washington.
Come join our team protecting the organization as an Information Security Engineer! With a unique responsibility as a security team member protecting a forward-thinking next generation organization, joining our Team is truly an exciting career opportunity. This is a growing team in the Information Technology Services organization focused on protecting the company, protecting customers, and advancing the industry as we deal with a very dynamic and evolving threat landscape.
We are seeking an experienced information security operations engineer with a broad-based background in vulnerability assessment, security log management and incident response. This is a mid-level technical role in a fast-paced growing security organization.
This role is responsible for:
- Implementing and operating vulnerability management and security log collection and monitoring tools, analyzing data from those tools and providing recommendations for security improvements to existing processes and technology, and participating in and leading incident response efforts.
- Working with security tools and API integration work including writing scripts and development of automation around detection and remediation activities.
- Collaboration with internal and external groups to develop policies, procedures, standards, and guidelines relating to operation of these tools.
- Given the growing nature of the organization, you will work closely with other internal and external groups and may also assist in other security activities as necessary in response to assessments and/or audits.
Our ideal candidate is a driven team player with experience working in a dynamic environment and the ability to wear multiple hats in the information security realm including:
- A demonstrated history of working with multiple security tools and experience with vulnerability management, log analysis, and incident response. Prior SIEM experience is a plus.
- Capability of performing forensic examination, packet dissection and log analysis, and be able to communicate effectively to senior management and executives.
- Ability to leverage multiple forms of communication to articulate complex concepts to both technical and non-technical staff.
- Knowledge of risk management concepts and risk assessment methodologies.
- Experienced in all facets of analyzing cyber threats in terms of exploits, vulnerabilities and mitigation.
- Ability to complete and conduct hands-on technical assessment of the cyber threat landscape in terms of its potential impact on the organization and recommending strategic, mitigating actions.
- A self-starter and works with business to help manage cyber risks to an acceptable level.
Skills and Qualifications:
- Bachelor’s in computer science (or equivalent) degree and a minimum of seven (7) years of documented information security work experience.
- Certifications such as SANS GIAC are preferred. Familiarity with and practical application of capability maturity models (CMMs) relating to vulnerability management and log monitoring are preferred.
- IT security certifications (SANS GIAC, CISA, CISM, CISSP, OSCP, OSCE) is a plus
- This position will require on-call availability.
An ideal candidate will also demonstrate proficiency in the following skills:
- Experience with planning, deployment, and operation of large enterprise security management tools such as IDS/IPS (network and host), advanced anti-malware (network and endpoint), DLP, encryption, anti-virus, firewalls, identity management, NAC, MDM etc.
- Experience with advanced malware technologies is a plus.
- Demonstrated experience with malware remediation.
- Experience in one or more technical forensic tools
- Experience with SIEM from systems deployment and endpoint configuration to log analysis and interpretation.
- Ability to identify signs of intrusion or infection on a variety of systems.
- Identification and remediation of OS and network security weaknesses and vulnerabilities;
- Response to internal and/or external reports, events, and incidents (e.g. scanning, hacking, phishing)
- Effective writing skills; ability to produce clear, concise and high-quality technical and business documents;
- A desire to work collaboratively in a small, cross-functional team;
- A strong sense of accountability and self-motivation;
- An ability to think critically and an aptitude for problem solving;
- At least 7 years of system/network security experience, including threat modeling, threat assessments, risk identification techniques, penetration testing
- Detailed knowledge of network and Web related protocols (e.g., TCP/IP, IPSec, HTTP, SSL, routing protocols)
- Ability to move seamlessly between a hacker / attacker mindset and a security engineer / defender mindset
- Hands on experience with Nmap, vulnerability scanners, ZAP, Kali, MetaSploit, Wireshark, Kismet, Aircrack-ng
- Penetration testing experience
- Application and database security experience, including code reviews
- Network and security engineering experience, including log and network traffic capture analysis
- Passion for creating tools and automating processes
- Knowledge of programming and scripting for development of security tools
- IT security engineering with expertise in either network or application security
Merchant e-Solutions is an Equal Opportunity Employer committed to a diverse workforce.