About PayFort, an Amazon Company: We serve the needs of online shoppers in all Arabic-speaking and surrounding countries through our trusted, secure payment network that gives everyone the opportunity to shop online safely and easily. We build trust between buyers and online sellers by enabling consumers to transact online using the payment options they prefer with complete security and peace of mind while supporting the most popular payment methods available globally. PayFort is part of Souq Group, established in 2013. PayFort is a regional expert in payment processing technology and solutions across major markets in the GCC & Levant countries, operating in UAE, Egypt, Saudi Arabia, Lebanon, Jordan and Qatar.
We are looking for a seasoned information security engineer. You will work closely with leadership, business partners, and engineering teams to define, develop, and release security recommendations and technical solutions that drive security value, automation, and operational improvements across the business.
If you enjoy identifying security issues in system services and applications, and are skilled at analyzing novel threat scenarios, this position will provide you with a unique opportunity to secure the next generation of payments technology.
· Evaluating complex business and technical requirements, communicating inherent security risks and solutions to technical and non-technical business owners
· Working with engineering, product management, and compliance teams across Amazon to design, develop, deploy, and maintain scalable security solutions in a heterogeneous environment with both “bought” and “built” technologies
· Drive awareness of security guidelines, secure-by-default configurations, and technological implementations
· Identify and drive continuous process improvements across security programs and services
· Conducting security reviews to verify compliance and trigger remediation action when necessary
· Creating and maintaining programmatic access control policies for existing and new services, and features within data path using internal tools
· Driving InfoSec policy definition, updates, and policy violation measures.
· Perform end-to-end application security reviews to ensure critical information is appropriately protected
· Identify security vulnerabilities and risks, and develop mitigation plans
· Provide security architecture and design consultations to product teams, to help them build applications that are secure from the start
· Architect, design, implement, support, and evaluate security tools and services.
· Develop and interpret security policies and procedures
· Develop and deliver security training across the company
· Develop and implement consistent and automated patch management in concert with Infrastructure teams
· Develop and implement network and process controls for PayFort’s AWS environments
· Assist Incident Response Team with SIEM engineering tasks
· Perform design reviews and risk assessments for new production instances configurations
· Developing and interpreting policies, procedures, and strategies governing the planning and delivery of System Security services throughout an enterprise Cloud infrastructure
· Analyze and implement control requirements in compliance with Regulatory Risk Management Frameworks
· Evaluate and recommend new and emerging security technologies for use inside and outside the security organization
· Produce creative and inventive solutions for large problems
· Be an advocate for customer trust
* Master’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent
* Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
* Knowledge of hardware security mechanisms
* Excellent written and verbal communication skills
* Excellent leadership skills and teamwork skills
* Results oriented, high energy, self-motivated
* Have experience in generating automated metrics to measure IT security effectiveness and consistency.
* Experience with monitoring security controls supporting a comprehensive compliance program and a clear understanding of cloud computing services/deployment architecture
* Have a working knowledge of NIST 800-53, ISO 27002, PCI DSS, HIPAA and SOC standards. Have an understanding of evaluating the design and effectiveness of IT controls. Have experience in working directly with auditors for these types of assessments.
Ideal candidate profile
* Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering or related field, or 7+ years relevant work experience
* 7+ years of security engineering experience
* 4+ years of experience and involvement with development team(s) that delivered commercial software or services
* Experience in security engineering, system and network security, security protocols, cryptography, and application security
* Experience with the application of threat modeling or other risk identification techniques
* Proficiency in at least one modern programming language, such as C++, Java, or Python.
* Proficient oral and written communication skills with the ability to tailor communications to various levels of management including precise and effective customer communications.
* Experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. SOC1, SOC 2, HIPAA, PCI, or ISO 27001, FedRAMP, IRAP).
* Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
* CISSP, CISA, CISM and/or other comparable security controls or audit certifications.