We’re on a mission to create a global payment ecosystem that connects businesses and consumers everywhere.
Information Security Lead
Location
Bulgaria
Posted
2 days ago
Salary
0
Seniority
Senior
Job Description
Information Security Lead
emerchantpay
- Define and maintain the information security strategy, standards, and roadmap, aligned to applicable regulations, rules, and security best practices.
- Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared platform services.
- Establish and govern secure software development lifecycle (secure SDLC) practices, embedding automated security controls into CI/CD pipelines.
- Define and drive adoption of cloud security guardrails - identity, network segmentation, encryption, secrets management, and configuration baselines.
- Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
- Lead the security incident response lifecycle - preparation, detection, containment, eradication, recovery, and post-incident review - and act as incident commander for security events.
- Own vulnerability and threat management: scanning, risk-based prioritization, remediation tracking, and reporting across infrastructure, containers, and application code.
- Plan and coordinate penetration testing and offensive-security exercises (in-house or co-sourced) and drive findings to closure.
- Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
- Define and oversee data protection controls - encryption, key management, data classification, and loss prevention - for sensitive and cardholder data.
- Secure corporate IT and office infrastructure, including endpoints, networks, and productivity and collaboration platforms.
- Partner with Engineering and DevOps teams to make the secure path the easy path, providing tooling, standards, threat modelling, and design reviews.
- Provide security input into architecture and change decisions, including the adoption of new technologies and third-party services.
- Run security awareness and phishing-resilience programs for technical and non-technical staff.
- Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.
- Monitor the evolving threat landscape and emerging security technologies.
- Act as a key member of the internal security center of excellence and contribute to cross-functional security working groups.
- Build, lead, and mentor a small security team.
- Report security posture, key risks, and metrics.
Job Requirements
- Bachelor’s or master’s degree in computer science, information security, or a related field, or equivalent practical experience.
- At least 10 years in information / cyber security, including a minimum of 2-3 years in a leadership role, with hands-on experience securing cloud-native environments at scale.
- Deep, practical public-cloud security knowledge (AWS strongly preferred): identity, networking, encryption, logging, and configuration management.
- Strong experience securing DevOps / CI/CD pipelines and modern microservices architectures - containers, APIs, and infrastructure-as-code.
- Working knowledge of application security and secure SDLC across modern programming languages and web frameworks.
- Hands-on experience with security operations, incident response, and vulnerability management.
- Solid understanding of security frameworks and compliance standards relevant to payments: ISO 27001, PCI DSS, SOC 2, and NIST CSF.
- Working AI security literacy, with hands-on use of AI-assisted security tooling (e.g., GenAI coding assistants, AI-augmented SAST/DAST and SIEM/SOC analytics) and a practical understanding of securing AI/LLM and agentic applications, including AWS AI services such as Amazon Bedrock and the OWASP Top 10 risks for LLMs (e.g., prompt injection and data leakage).
- Strong analytical and problem-solving ability, with high integrity and sound judgement.
- Excellent verbal and written communication skills, fluent English, and the ability to influence engineers with data, logic, and best practices.
Benefits
- Fast-growing payment company;
- Excellent working conditions, casual atmosphere, and state-of-the-art hardware;
- Modern, challenging, constantly growing business;
- Professional development - books, trainings, certifications, etc.;
- Team buildings and fun activities;
- 25 days paid holiday, 1 day for every 2 years with us;
- Fully distributed and remote.



