A Security Engineer – Data Protection is responsible for architecture, design, and implementation tasks related to the deployment of the corporate security program. The Security Engineer acts as an internal consultant for all organizations with security needs. The Security Engineer will also be a key member of the incident response and business continuity teams. This role focuses on data and application-level security related to the development, acquisition and implementation of core applications, as well as secure coding techniques in general. The role is also responsible for oversight and development of cryptographic key management processes and procedures.
· Maintain a comprehensive suite of policies, procedures, and supporting documentation to ensure Mercury's key management operations are fully compliant with PCI DSS, card brand requirements, and Mercury security policies.
· Train and mentor Key Management team in HSM and cryptographic best practices.
· Assist the Security Architect – Applications Data with the architecture and design of technical security solutions for internal organizations, focusing on data protection, application-level security and secure software development.
· Assist with the implementation of technical security solutions for internal organizations.
· Perform internal security assessments and compliance audits as needed.
· Participate on the Incident Response Team, ensuring that incidents and actions for remediation are addressed and communicated in a timely fashion.
· Provide technical advice to internal organizations in the area of information security, specializing in data protection and application-level security and secure coding techniques.
· Contribute to the documentation of internal security policies and procedures.
· Lead the effort to document secure coding techniques via design guides, implementation guides, presentations, and workshops.
· Monitor trends in information technology and data security that could have an impact on the security of products, processes, infrastructure or customers.
· Collaborate with project teams to ensure security requirements are understood and met in project initiatives.
· Have the ability to work on projects with minimal guidance from managers and assume responsibility for the success of those projects.
Education and Experience
· Bachelor's degree in Computer Science or Engineering, related technical field, or the equivalent combination of education, professional training, or work experience.
· 6 years of application development experience with at least 2 years in an information security role required.
· 2+ years of experience working with key management and encryption processes required.
· Knowledge and understanding of data and application security-related standards and best practices required.
· Experience with Hardware Security Modules (HSMs) required.
· Security certification (CISSP or relevant SANS GIAC) desired.
· Experience with TR-39/TG-3 and/or Visa PIN Security audit standards desired.
· Experience with Payment Card Industry Data Security Standard (PCI DSS) desired.
· Strong written and oral communications
· Thorough reading comprehension
· Proactive troubleshooting, listening and problem-solving skills
· Critical thinking using logic and reason
· Excellent time-management skills with the ability to meet deadlines
· Maintain regular and punctual attendance
· Ability to work in a fast-paced, multi-task environment
· Ability to sit for long periods of time
· Ability to interact with a diverse population
· Ability to work on a computer for long periods of time
· Ability to accept and evolve with changes in policies and procedures
A high level of integrity and trust required.