• Applies application development understanding and includes security controls within the application pipeline for moderately complex projects. Verifies controls are adhered to.
• Reviews security architecture designs independently utilizing a strong understanding of network architecture to include recommendations drafting.
• Utilizes a strong understanding of the appropriate settings for premise or cloud-based security platforms in order to build guides for the standard implementation of a given platform.
• Interprets vulnerability scanning from DAST and SAST and/or penetration test results to eliminate false positives while identifying appropriate mitigation for true issues.
• Communicates InfoSec Architectural and Application Security policies, standards, and guidelines in documentation for consumption by both IT and non-IT resources.
• Utilizes a high level of industry understanding of implications of new threats and their applicability to the company, as well as options to reduce/eliminate new risk.
• Build relationships with developers, stakeholders, and scrum masters to incorporate security principles into engineering design and deployments.
• Perform testing and validation in application security controls across projects.
• Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
• Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
• Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle.
• Identify vulnerabilities in code through automated and manual assessments, and promote quick remediation.
• Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.

Minimum Qualifications

• Bachelor's Degree
• Relevant Experience or Degree in: Information Security or Computer Science
• Typically Minimum 4 Years Relevant Exp
• Prior experience must be as an Information Security Analyst, or related role. Strong understanding of regulatory audit requirements and developing the appropriate solutions to address findings. Degree strongly preferred; however, additional 4 years related experience may be considered in lieu of a degree.
• One or more of the following (or similar) - eWPTX, OSWE, CISSP, CEH, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security +, CGEIT, CCSP
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC).

Preferred Qualifications

• Typically Minimum 6 Years Relevant Exp
• Prior experience must be as an Information Security Analyst, Security focused Network Admin/Engineer or Systems Admin/Engineer. Understanding of regulatory requirements and solutions design to meet said requirements.
• Preferably some experience with operations and security across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).

What Are Our Desired Skills and Capabilities?

• Skills / Knowledge - A seasoned, experienced professional with a full understanding of area of specialization; resolves a wide range of issues in creative ways. This job is the fully qualified, career-oriented, journey-level position.
• Job Complexity - Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors. Demonstrates good judgment in selecting methods and techniques for obtaining solutions. Networks with senior internal and external personnel in own area of expertise.
• Supervision - Normally receives little instruction on day-to-day work, general instructions on new assignments.
• Network Engineering/Architecture - Maintains an understanding of TCP/IP network connectivity, subnet segmentation, security zones, secure ports/protocols, network authentication/authorization, security tools and their applicability (WAF, IPS, Sandbox, etc.).
• Systems Engineering/Architecture - Maintains an understanding of Operating system infrastructure, including Windows, Linux, containers, container orchestration, and Virtual Machines. Must understand system authentication options, user rights within systems, user authentication/authorization, least privilege, Group Policy, Automation tooling (Puppet, chef, ansible) and local security agents/tools (Anti-Virus, Whitelisting, forensics, firewall, etc.)
• Encryption/Cryptography - Understands the use of digital certificates, root certificate trust, and how to encrypt/decrypt network traffic. Recognizes data that must be encrypted at rest, and how to assure encryption key processes meet policy and regulatory requirements.

Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information, or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact jobs@globalpay.com.