
Security Engineer
Posted 18 hours ago

• Support and uphold Audienceview's PCI DSS compliance initiative, which includes scoping exercises, gap assessments, evidence gathering, and collaboration with QSAs during annual audits.
• Plan and conduct penetration tests on both internal and external systems, web applications, and APIs, documenting findings and collaborating with engineering teams to facilitate remediation.
• Execute application security evaluations and code reviews to uncover vulnerabilities within Audienceview's software portfolio.
• Assess and secure AI and LLM integrations.
• Manage incident response by monitoring, detecting, and addressing security events and incidents.
• Be adaptable to flexible working hours to support incident response activities.
• Conduct vulnerability assessments and risk analyses to address security weaknesses.
• Develop, implement, and sustain security controls, policies, and procedures in accordance with industry and regulatory standards.
• Perform security reviews of system architectures, network setups, and application deployments, ensuring that PCI DSS requirements are met from design through to production.
• Work collaboratively with engineering teams to integrate security and compliance requirements into the software development lifecycle (SDLC).
• Investigate and prioritize security alerts, perform root cause analysis, and document findings for both operational and compliance purposes.
• Proven experience in penetration testing, encompassing network, web application, and API testing using industry-standard tools (e.g., Burp Suite, Metasploit, Nmap, OWASP ZAP).
• Background in software development or secure code review, capable of reading, analyzing, and identifying security vulnerabilities in application source code.
• Strong knowledge of PCI DSS requirements (v4.0+) and experience in facilitating PCI DSS audits.
• Familiarity with cloud security in AWS or Azure environments.
• Understanding of the OWASP Top 10, common application vulnerabilities, and secure coding practices.
• Knowledge of identity and access management (IAM), multi-factor authentication, and zero-trust principles.
• Insight into the vulnerability management lifecycle, patch management processes, and compensating controls.
• Awareness of common attack vectors, the MITRE ATT&CK framework, and threat intelligence practices.
• Proficiency in one or more programming languages: Java, JavaScript, C++, Clojure, .NET, or Classic ASP.
• Strong understanding of operating systems security (Windows, Linux, macOS).
• Awareness of AI security risks, familiarity with MCP (Model Context Protocol), and experience in securing AI agent-to-tool integrations.
• Proficient in using SIEM (Security Information and Event Management) platforms and EDR (Endpoint Detection and Response) solutions.
• Experience with scripting and automation (Python, PowerShell, Bash) for security operations and compliance evidence collection.
• Familiarity with endpoint security and DLP (Data Loss Prevention).
• Experience in containerization and Kubernetes security.
• Knowledge of SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools.
• Background in red team or purple team exercises.
• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent practical experience.
• Relevant certifications (one or more preferred): PCIP, PCI-QSP, OSCP, CISSP, CRISC, CISA, CEH, AWS, Azure, or any other recognized cybersecurity or AI security certification.
• Over 5 years of hands-on experience in information security, cybersecurity operations, or a related systems security role.
• Exceptional communication skills in English.
• Comprehensive benefits package.
• Competitive salary structure.
• Flexible working hours.
• Opportunities for remote work.
• Generous, uncapped vacation and sick leave policy.
• Initiatives promoting diversity and inclusion.