HighLevel, Inc. is an all-in-one marketing and sales platform whose tools and services are designed to help businesses grow. Established in 2018, the company’
Security Engineer
Location
India
Posted
84 days ago
Salary
0
Seniority
Mid Level
Job Description
Security Engineer
HighLevel, Inc.
About us HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. Today, HighLevel supports SMBs across 150+ countries, fueling community-driven growth rooted in real customer outcomes.To date, businesses operating on HighLevel have generated over $7 billion in ecosystem value, demonstrating the impact of shared infrastructure at scale. By centralizing conversations, automation and intelligence into one system, we help businesses move faster, reduce complexity and execute efficiently.Behind the platform, HighLevel powers more than 4 billion API hits and 2.5 billion message events daily. With 250 terabytes of distributed data, 250+ microservices and over 1 million domain names supported, our architecture is built for performance, resilience and long-term scalability. Our people With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership. We value initiative, clarity and execution, creating space for ambitious people to build systems that support millions of businesses worldwide. Here, innovation thrives, ideas are celebrated and people come first, no matter where they call home. Our impact Every month, HighLevel enables more than 1.5 billion messages, 200 million leads and 20 million conversations for the more than 1 million businesses we support. Behind those numbers are real people building independence, expanding opportunity and creating measurable impact. We’re proud to be a part of that.Learn more about us on our YouTube Channel or Blog Posts Responsibilities - Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management (RoC/SAQ, QSAs). - Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking - Support and maintain ISO 27001 ISMS, including risk assessments, SoA, internal audits, and continuous improvement activities - Develop and enforce security policies, standards, and procedures aligned with PCI DSS, SOC 2, and ISO 27001 - Partner with Security, Platform, and Application teams to ensure controls are technically implemented and continuously operating - Collaborate with Security Architecture to review and validate security exceptions and ensure compliance alignment - Track, review, and periodically reassess approved exceptions to minimize long-term risk exposure - Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews - Evaluate vendor compliance posture, including PCI DSS requirements, and define remediation or contractual controls - Design and manage scalable GRC workflows for risk assessments, vendor reviews, evidence management, and control testing - Perform business impact analysis and support BCDR planning and tabletop exercises - Prepare and present risk, compliance, and third-party security reports to senior leadership - Translate technical risks into business-impact language to support decision-making Qualifications - Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field. - 4.5+ years of experience in GRC, risk management, or compliance, with exposure to technical security controls. - Strong hands-on experience with PCI DSS, including audits, CDE scoping, and control validation - Working knowledge of SOC 2 Type II Trust Services Criteria and audit processes - Experience implementing and maintaining ISO 27001 ISMS, including risk assessments and Annex A controls - Hands-on experience with third-party vendor risk assessments, tiering, and remediation tracking - Ability to interpret technical security concepts such as cloud architecture, network segmentation, access controls, and vulnerability reports - Strong analytical, documentation, and stakeholder communication skills - Experience working in cloud-native or SaaS environments - Certifications such as IPCIP, QSA, CISA, ISO 27001, TPRA or equivalent. - Experience with GRC tools such as Vanta, or ServiceNow GRC - Knowledge of data protection and privacy regulations such as GDPR and CCPA - Familiarity with NIST, CIS Controls, or similar frameworks - Experience in SaaS environments with PCI-in-scope systems EEO Statement: The company is an Equal Opportunity Employer. As an employer subject to affirmative action regulations, we invite you to voluntarily provide the following demographic information. This information is used solely for compliance with government recordkeeping, reporting, and other legal requirements. Providing this information is voluntary and refusal to do so will not affect your application status. This data will be kept separate from your application and will not be used in the hiring decision. #LI-Remote #LI-MS1
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
NETWORK - Datacenter & Cloud Security
ZensarAt Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus. Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.
We are seeking an experienced Infrastructure Security Specialist to design, implement, and migrate secure network infrastructures for banking and financial services clients. The role focuses on firewall and proxy transformation to cloud, leveraging technologies such as Palo Alto, Prisma, and SD-WAN integration with infra security, while ensuring compliance with strict regulatory standards. Candidate should have strong expertise in network security, hands-on experience with firewall and proxy migrations, and a proven track record in delivering secure, scalable solutions in regulated environments. At Zensar, we’re “experience-led everything”. We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client - a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus. Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. Explore Life at Zensar and join us to Grow. Own. Achieve. Learn. to be the best version of yourself. We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.
• Own and improve the organization’s security and compliance processes across the Azure cloud environment. • Manage and coordinate compliance activities related to SOC 2, ISO 27001, GDPR, and other relevant regulatory or customer-driven frameworks. • Assess regulatory, privacy, and security requirements when engaging clients from new countries/regions, and translate those requirements into internal controls, policies, and implementation steps. • Partner with Engineering, DevOps, IT, Legal, HR, and leadership teams to implement and maintain scalable compliance and security processes. • Support client security reviews, due diligence requests, and security questionnaires with accurate documentation and evidence.
• Provide CS engineering support for the planning, design, development, testing, and integration of DLA information systems. • Analyze system architectures and infrastructure to identify CS risks and recommend improvements to system security design. • Integrate CS engineering principles into enterprise IT, cloud environments, and OT systems. • Support secure system architecture development and CS engineering documentation. • Conduct vulnerability assessment and risk analysis. • Conduct CS vulnerability assessments across DLA IT, Cloud, and OT environments. • Evaluate system configurations and architectures to identify potential vulnerabilities and security weaknesses. • Perform risk assessments to determine the likelihood and impact of identified CS threats. • Develop mitigation strategies and technical recommendations to reduce system risk and improve CS posture. • Provide information assurance engineering support. • Perform analysis of existing and emerging information systems to evaluate compliance with DoD and federal CS policies. • Conduct CS assessments and security test and evaluation activities to validate compliance with CS standards. • Support CS engineering reviews for both classified and unclassified information systems. • Provide technical analysis of proposed CS policies and assess their impact on system architectures and security operations. • Conduct CS compliance and security control validation. • Evaluate compliance of DLA systems with CS policies, standards, and regulatory requirements. • Identify areas of non-compliance and recommend remediation actions. • Support implementation of security controls aligned with enterprise CS architecture. • Assist with development and maintenance of CS standards, guides, and implementation documentation. • Provide CS documentation and reporting. • Develop CS engineering documentation including risk assessment reports, architecture assessments, and security engineering analyses. • Produce implementation documentation and technical reports supporting CS engineering efforts. • Document vulnerability findings and recommended mitigation strategies. • Provide status updates and technical reports supporting project activities and CS operations. • Evaluate CS risks associated with DLA OT environments including industrial control systems and facility-related control systems. • Assess OT system architecture, network configurations, and system interfaces for potential vulnerabilities. • Provide CS engineering recommendations for OT system protection and risk mitigation.
Senior Analyst – Information Security Governance, Risk & Compliance
Genesys Cloud ServicesGenesys is a technology company offering solutions to help clients engage customers and manage customer contact centers. With a client base of more than 4,700 b
• Assist in managing a compliance program for a portfolio of internal/external audits & certifications • Assist with the implementation and direction of compliance processes to automate and continuously monitor information security controls • Develops reporting metrics and dashboards • Assists control owners in defining responsibilities and control standards for regulatory and compliance goals • Map and maintain common controls framework and control scope/applicability for a portfolio of compliance initiatives • Provide compliance subject matter expertise and advisory services to stakeholders/control owners • Documents and reports control failures and gaps to stakeholders • Provide remediation guidance and prepares stakeholders' reports to track remediation activities • Evaluate & report any security/compliance risks to track as part of the company risk register • Consults on developing security standards, procedures, and controls to manage risks • Gather requirements guide assigned controls within the centralized GRC tool • Work with business unit/product level compliance teams to strengthen and align to a shared company compliance plan • Perform operational activities related to the compliance program and escalate deviations when needed • Perform audit services including risk and gap assessments to business units as needed

