emerchantpay

We’re on a mission to create a global payment ecosystem that connects businesses and consumers everywhere.

Information Security Lead

Security Engineer | Full Time | Remote | Lead | Team 201-500 | H1B No Sponsor

Location

Worldwide

Posted

2 days ago

Salary

0

Seniority

Lead

Job Description

Role Description

We are looking for an experienced Information Security Lead to own the design, implementation, and continuous improvement of information security across our cloud-native, DevOps-driven engineering environment, as well as our corporate IT and office infrastructure. The role combines hands-on technical delivery with security leadership.

- Define and maintain the information security strategy, standards, and roadmap, aligned to applicable regulations, rules, and security best practices.
- Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared platform services.
- Establish and govern secure software development lifecycle (secure SDLC) practices, embedding automated security controls into CI/CD pipelines.
- Define and drive adoption of cloud security guardrails - identity, network segmentation, encryption, secrets management, and configuration baselines.
- Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
- Lead the security incident response lifecycle - preparation, detection, containment, eradication, recovery, and post-incident review - and act as incident commander for security events.
- Own vulnerability and threat management: scanning, risk-based prioritization, remediation tracking, and reporting across infrastructure, containers, and application code.
- Plan and coordinate penetration testing and offensive-security exercises (in-house or co-sourced) and drive findings to closure.
- Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
- Define and oversee data protection controls - encryption, key management, data classification, and loss prevention - for sensitive and cardholder data.
- Secure corporate IT and office infrastructure, including endpoints, networks, and productivity and collaboration platforms.
- Partner with Engineering and DevOps teams to make the secure path the easy path, providing tooling, standards, threat modelling, and design reviews.
- Provide security input into architecture and change decisions, including the adoption of new technologies and third-party services.
- Run security awareness and phishing-resilience programs for technical and non-technical staff.
- Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.
- Monitor the evolving threat landscape and emerging security technologies.
- Act as a key member of the internal security center of excellence and contribute to cross-functional security working groups.
- Build, lead, and mentor a small security team.
- Report security posture, key risks, and metrics.

Qualifications

- Bachelor’s or master’s degree in computer science, information security, or a related field, or equivalent practical experience.
- At least 10 years in information / cyber security, including a minimum of 2-3 years in a leadership role, with hands-on experience securing cloud-native environments at scale.
- Deep, practical public-cloud security knowledge (AWS strongly preferred): identity, networking, encryption, logging, and configuration management.
- Strong experience securing DevOps / CI/CD pipelines and modern microservices architectures - containers, APIs, and infrastructure-as-code.
- Working knowledge of application security and secure SDLC across modern programming languages and web frameworks.
- Hands-on experience with security operations, incident response, and vulnerability management.
- Solid understanding of security frameworks and compliance standards relevant to payments: ISO 27001, PCI DSS, SOC 2, and NIST CSF.
- Working AI security literacy, with hands-on use of AI-assisted security tooling (e.g., GenAI coding assistants, AI-augmented SAST/DAST and SIEM/SOC analytics) and a practical understanding of securing AI/LLM and agentic applications, including AWS AI services such as Amazon Bedrock and the OWASP Top 10 risks for LLMs (e.g., prompt injection and data leakage).
- Strong analytical and problem-solving ability, with high integrity and sound judgement.
- Excellent verbal and written communication skills, fluent English, and the ability to influence engineers with data, logic, and best practices.

Requirements

- Professional certification such as CISSP, CCSP, OSCP, AWS Security Specialty, or CISM.
- Experience in a payments, fintech, banking, or other regulated environment.
- Familiarity with operational-resilience expectations (e.g. DORA-style requirements).
- Experience standing up a security function.

Benefits

- Fast-growing payment company;
- Excellent working conditions, casual atmosphere, and state-of-the-art hardware;
- Modern, challenging, constantly growing business;
- Professional development - books, trainings, certifications, etc.;
- Team buildings and fun activities;
- 25 days paid holiday, 1 day for every 2 years with us;
- Fully distributed and remote.

More Security Engineer Jobs

Role Description

inventYOU is looking for Cybersecurity Incident Management Experts to support cybersecurity incident response and incident management activities for complex and critical environments. The role focuses on incident analysis, incident coordination, log analysis, forensic and artefact analysis, containment, recovery support and the development of incident response procedures and playbooks.

- Support cybersecurity incident analysis, triage and response activities.
- Perform log monitoring, log analysis and incident investigation.
- Support artefact and forensic evidence analysis.
- Contribute to root cause analysis and identification of affected systems.
- Support incident coordination, containment, eradication and recovery activities.
- Assist in the development or improvement of incident response procedures and playbooks.
- Prepare technical reports, findings, recommendations and lessons learned.

Qualifications

- Bachelor’s degree in Computer Science, Computer Engineering or equivalent.
- Intermediate level: at least 3 years of relevant professional experience.
- Senior level: at least 6 years of relevant professional experience.
- Experience in cybersecurity incident response and incident coordination.
- Experience in log monitoring, log analysis and incident investigation.
- Experience in artefact and forensic evidence analysis.
- Knowledge of incident triage, root cause analysis, containment, eradication and recovery activities.
- Familiarity with incident response procedures, reporting and playbooks.
- Good understanding of hardware, software and networking technologies.
- Experience with different environments such as servers, workstations, cloud, mobile, IoT or OT/ICS will be considered an asset.
- Very good command of English: B2 for Intermediate level, C1 for Senior level.

Benefits

- Join a people-focused technology company with an international mindset.
- Work on challenging projects for European clients and organisations.
- Be part of a collaborative and supportive team environment.
- Gain exposure to cybersecurity, technology and digital transformation projects.
- Develop your skills through hands-on experience and continuous learning.
- Work with experienced professionals across different business and technology domains.

Greece

IT Governance, Risk, and Compliance Manager

emerchantpay

We’re on a mission to create a global payment ecosystem that connects businesses and consumers everywhere.

Full Time | Remote | Team 201-500 | H1B No Sponsor

Role Description

We are looking for an IT Governance, Risk, and Compliance Manager to provide oversight of our ICT and information security risk profile, ensuring those risks are identified, managed, and reported within the company's risk appetite, and that governance, risk management, compliance, and resilience are embedded into the way the company operates and grows. The role owns the integrated control framework, multi-standard certifications (ISO 27001, PCI DSS, and SOC), enterprise and third-party risk, business continuity, and key regulatory readiness programs - including the RBI licensing application in India, NIS 2, and the EU AI Act for AI governance and compliance - while acting as a trusted advisor to the Leadership Team. The role sits within the IT function and is part of the Risk Management and Oversight Committee. It works closely with Engineering, IT, Legal, Finance, and the wider business.

Responsibilities

- Define and maintain the information security strategy, standards, and roadmap, aligned to applicable regulations, rules, and security best practices.
- Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared platform services.
- Establish and govern secure software development lifecycle (secure SDLC) practices, embedding automated security controls into CI/CD pipelines.
- Define and drive adoption of cloud security guardrails - identity, network segmentation, encryption, secrets management, and configuration baselines.
- Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
- Lead the security incident response lifecycle - preparation, detection, containment, eradication, recovery, and post-incident review - and act as incident commander for security events.
- Own vulnerability and threat management: scanning, risk-based prioritization, remediation tracking, and reporting across infrastructure, containers, and application code.
- Plan and coordinate penetration testing and offensive-security exercises (in-house or co-sourced) and drive findings to closure.
- Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
- Define and oversee data protection controls - encryption, key management, data classification, and loss prevention - for sensitive and cardholder data.
- Secure corporate IT and office infrastructure, including endpoints, networks, and productivity and collaboration platforms.
- Partner with Engineering and DevOps teams to make the secure path the easy path, providing tooling, standards, threat modelling, and design reviews.
- Provide security input into architecture and change decisions, including the adoption of new technologies and third-party services.
- Run security awareness and phishing-resilience programs for technical and non-technical staff.
- Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.
- Monitor the evolving threat landscape and emerging security technologies.
- Act as a key member of the internal security center of excellence and contribute to cross-functional security working groups.
- Build, lead, and mentor a small security team.
- Report security posture, key risks, and metrics.

Qualifications

- Bachelor’s or master’s degree in computer science, information security, or a related field, or equivalent practical experience.
- At least 10 years in information / cyber security, including a minimum of 2-3 years in a leadership role, with hands-on experience securing cloud-native environments at scale.
- Deep, practical public-cloud security knowledge (AWS strongly preferred): identity, networking, encryption, logging, and configuration management.
- Strong experience securing DevOps / CI/CD pipelines and modern microservices architectures - containers, APIs, and infrastructure-as-code.
- Working knowledge of application security and secure SDLC across modern programming languages and web frameworks.
- Hands-on experience with security operations, incident response, and vulnerability management.
- Solid understanding of security frameworks and compliance standards relevant to payments: ISO 27001, PCI DSS, SOC 2, and NIST CSF.
- Working AI security literacy, with hands-on use of AI-assisted security tooling (e.g., GenAI coding assistants, AI-augmented SAST/DAST and SIEM/SOC analytics) and a practical understanding of securing AI/LLM and agentic applications, including AWS AI services such as Amazon Bedrock and the OWASP Top 10 risks for LLMs (e.g., prompt injection and data leakage).
- Strong analytical and problem-solving ability, with high integrity and sound judgement.
- Excellent verbal and written communication skills, fluent English, and the ability to influence engineers with data, logic, and best practices.

Considered as an Advantage

- Professional certification such as CISSP, CCSP, OSCP, AWS Security Specialty, or CISM.
- Experience in a payments, fintech, banking, or other regulated environment.
- Familiarity with operational-resilience expectations (e.g. DORA-style requirements).
- Experience standing up a security function.

Benefits

- Fast-growing payment company;
- Excellent working conditions, casual atmosphere, and state-of-the-art hardware;
- Modern, challenging, constantly growing business;
- Professional development - books, trainings, certifications, etc.;
- Team buildings and fun activities;
- 25 days paid holiday, 1 day for every 2 years with us;
- Fully distributed and remote.

Worldwide

IT Cybersecurity Engineer - WebAppSec PCI

CommonSpirit Health

CommonSpirit Health is a nonprofit organization that is on a mission to improve people’s health while making “the healing presence of God known.” The orga

Role Description

The Cybersecurity Engineer - WebAppSec position supports the Attack Surface Management (ASM) program for CommonSpirit Health. This program provides web application security services, performs technical security assessment services, maintains WebAppSec security systems and workflows, and provides engagement and reporting services on specific and systemic security vulnerability and configuration issues for the enterprise. The Cybersecurity Engineer will report to the Manager, WebAppSec, as part of the overall Cyber Vigilance and Defence group, focused on identifying, protecting, responding and containing threats and vulnerabilities to the overall CommonSpirit organization.

The Cybersecurity Engineer performs web application security services related to PCI compliance such as:

- Payment scripts monitoring
- Web application security scans
- Activities to identify CommonSpirit systems, applications, services, and repositories available on the Internet
- Assessing system and application weaknesses, misconfigurations, or other flaws in operating systems, network devices, web applications, or other technologies that could lead to security compromises
- Identifying gaps in current control states

Monitors the threat and vulnerability landscape and changing business requirements to identify functional, technological and/or control solutions. Develops, integrates, and maintains WebAppSec tools and platforms. Integrates all cybersecurity solutions in an optimal manner to best discover and protect the organization from cyber threats and exposures. May drive one or more projects, acts as a subject matter expert (SME) for one or more discovery or scanning methods, tools, and target environments. Develops and maintains operational security processes, and assists in the remediation of the identified issues. May act as team-lead for other security personnel.

Job Responsibilities

- Designs, develops, and implements new discovery and assessment solutions to integrate into and test within existing or newly defined architectures.
- Provide support on team related engagements with Security Engineering, Identity Management Engineering, Security Architecture, SOC, Network Engineering, Clinical Engineering, Systems Engineering, Application Development, and/or other IT Operations and business function owners.
- Act as a security advocate for IT Operations team’s adherence to CommonSpirit Health policies, security standards and requirements, and industry best practices.
- Manage workload, prioritizing tasks and documenting time, and other duties as directed by management.
- Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, attack surface discovery methodologies, vulnerabilities, threats and trends in information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team.
- Participate in the collection and documentation of departmental knowledge artifacts, participate in the development and population of knowledge management and collaboration systems for the IT Security team.
- Communicates security and technical information to team members and across the IT Organization.
- Assists Management in identifying knowledge, process, and technology gaps.
- Provide service line support for web application security for PCI compliance.
- Create and manage crawling / scanning assessments and workflows, implement and manage script monitoring technologies and services, including alerting and remediation engagement (PCI DSS v4 6.4.3 and 11.6.1), in order to safeguard payment processing applications against fraud and breaches.
- Partner with web application development groups to analyze and remediate security concerns within payment pages.
- Provide service line support for dynamic application security testing services and remediation engagement.
- Perform reviews and analysis of system and applications vulnerabilities and configurations, and support Security technical Risk Management processes.
- Proactively identify, engage on, and escalate vulnerability and configuration issues, either system/application specific or systemic. Lead specific engagement and remediation efforts.
- Designs, develops, configures, and implements solutions to resolve intermediate technical and business issues related to information security.
- Reviews and consults on security of technology solutions to resolve intermediate to high technical and business issues.
- Provides support and works on multiple functions of intermediate to high complexity.
- Serves as SME for one or more web application security platforms and services.

Qualifications

- Bachelor's Degree or 4 years of equivalent experience may be considered in lieu of Bachelor's degree.
- 2-3 years job related experience required, specifically conducting application security testing or related activity on a multiple set of target types.

Requirements

- Bachelors in a related field and 3-4 years experience, upon hire.

United States
$49 - $80 / hour

Cybersecurity - Identity and Access Management Engineer

NTT Group

A global IT innovator founded in 1965, NTT DATA specializes in system integration and networking system services for more than a dozen industries. As an employe

Title: Cybersecurity / IAM Engineer

Location: Bethesda, MD, United States

Job Description:

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Cybersecurity / IAM Engineer to join our team in Bethesda (REMOTE), Maryland (US-MD), United States (US).

Job Summary:

The Cybersecurity / IAM Engineer is responsible for architecting, implementing, and maintaining advanced cybersecurity and identity and access management (IAM) solutions across all client environments, including cloud, IoT, edge, and data systems. This role is critical to ensuring that client meets and sustains compliance with cybersecurity, privacy, and risk management requirements, including RMF, IL4/IL5, and FedRAMP controls. The engineer leads the design and enforcement of secure authentication, authorization, and RBAC frameworks, supporting multi-factor authentication, single sign-on, and integration with providers. The Cybersecurity / IAM Engineer works closely with DevSecOps, software, and infrastructure teams to embed security best practices into all phases of the system lifecycle, including secure configuration baselines, continuous monitoring, vulnerability management, and incident response. The position requires hands-on experience with IAM platforms, PKI, secure directory services, and the implementation of audit logging and compliance reporting. The engineer maintains comprehensive documentation, supports audit and ATO processes, and ensures that all client solutions are resilient, auditable, and optimized for operational readiness and regulatory compliance.

Job Duties:

- Architect, implement, and maintain advanced IAM solutions, including RBAC, MFA, SSO, and integration with providers
- Develop and enforce secure authentication and authorization frameworks for client's cloud, edge, and data environments
- Lead the implementation of secure directory services, PKI, and certificate management for all client components
- Support continuous monitoring, vulnerability management, and incident response in compliance with DoD RMF, IL4/IL5, and FedRAMP requirements
- Collaborate with DevSecOps, software, and infrastructure teams to embed security best practices throughout the system lifecycle
- Maintain comprehensive documentation for IAM architectures, security controls, and compliance artifacts
- Support audit, ATO, and risk management processes, including evidence collection and remediation of findings
- Implement and monitor audit logging, access reviews, and compliance reporting for all client environments
- Provide technical support for user provisioning, deprovisioning, and lifecycle management
- Participate in security assessments, code reviews, and compliance audits as required by contract and SOW

Basic Qualifications:

- Master's degree in Cybersecurity, Computer, Electrical, or Electronics Engineering, or Mathematics with a concentration in computer science or equivalent.
- Minimum 10 years of experience with cybersecurity engineering
- Must be US Citizen with ability to obtain a Secret Clearance

Preferred Qualifications:

- Experience designing and managing IAM solutions in regulated or mission-critical DoD environments
- Proficiency with RBAC, SSO, MFA, PKI, and secure directory services
- Experience with DoD RMF, IL4/IL5, and FedRAMP cybersecurity and compliance requirements
- Familiarity with AWS GovCloud, cloud security, and secure integration of edge/IoT devices
- Strong documentation and communication skills, including the ability to produce compliance artifacts and technical guides
- Experience supporting audit, ATO, and risk management processes for federal systems
- Information Assurance Management (IAM) or Information Assurance Technical (IAT) or Information Assurance System Architect and Engineer (IASAE) Level I (position-based) per DoD 8570.1M

About NTT DATA

NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. Our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D.

Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client’s needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees.

NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.

NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this remote role is $90,146 - $208,672. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on a number of factors, including the candidate’s actual work location, relevant experience, technical skills, and other qualifications. This position may also be eligible for incentive compensation based on individual and/or company performance. If the position offered is temporary, the position will not be eligible for incentive compensation. This position is eligible for company benefits including medical, dental, and vision insurance with an employer contribution, flexible spending or health savings account, life and AD&D insurance, short and long term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally-required benefits.

Maryland
$90.1K - $208.7K / year