The Payment Security Engineer is responsible for executing the enterprise-wide strategy to identify, develop, and implement technical security solutions to enhance BB&T's payment security control environment. This position requires a subject matter expert (SME) with strong collaboration skills to work with cross-functional and global teams to ensure the design of technology solutions complies with BB&T information security policies and regulatory obligations.
Do you want to work for a top-tier financial institution that places value on both character and innovation? This position will report to the payment security team dedicated to protecting BB&T. A growth mindset and solid security evaluation skills are required for this position. If you are a security professional with a curious mindset, then this position may be right for you. The team currently has innovation experts from around the research industry who are asking how we can creatively solve the security challenges of the next 10 years while dealing with a rapidly changing payment landscape, such as real-time payments. These positions will assist the team in ensuring that security and trust are key tenets in all solutions.
• The Payment Security Engineer must have the ability to identify, document, and recommend security safeguards and configurations in a highly complex environment, with a demonstrated ability to recognize and appropriately incorporate layered security safeguards within the network, application, and data layers from both an offensive and a defensive perspective.
• The Payment Security Engineer must be an adaptable, pragmatic, and positive professional, who is comfortable in delivering clear and concise information at both a technical and managerial level.
• Assess technological business initiatives to identify the threat landscape and security requirements, create technical documentation and solution overviews, and provide guidance on risk mitigation strategies for identified threats and vulnerabilities. Work effectively with other Information Security teams and outsourcing providers to ensure technology security solutions are in alignment with organizational strategic requirements.
• Create and publish security technology white papers or position papers and create security configuration checklists (e.g., hardening or lockdown guides) for technology platforms and solutions (e.g., operating systems, databases, firewalls, etc.).
• Operate as a security liaison and ambassador to the larger organization by keeping the management team and relevant peers informed of the latest security trends and threats, driving the security technology pipeline and strategy for the team, and presenting internally and externally on security technologies and solutions.
• Provide security consulting services internally to the engineering organization by giving guidance and functioning as an information security SME.
• Act in a mentoring or coaching capacity for team members and further technical skills through certifications and continual self-learning.
Essential Business Experience and Technical Skills:
• 7+ years of experience in one or more of the following information security domains: secure development, identity and access management, cryptography, data loss prevention (DLP), cloud, enterprise mobile security, endpoint security, incident response, network and perimeter security, or web and mobile application security.
• 7+ years of IT Security Engineering, Architecture, or Operations experience working in an enterprise infrastructure environment.
• 5+ years of experience in security solution engineering or security architecture.
• Must possess working knowledge of various industry security standards and frameworks including: PCI DSS, ISO 27001, ISF Standard of Good Practice (SoGP), NIST Special Publications, etc.
• Teamwork and communication skills, both written and verbal.
• Bachelor’s degree in Computer Science, Information Systems, or related field; 10+ years of equivalent work experience is acceptable in lieu of a BA/BS degree.
• Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.
• Experience implementing and assessing risks using Threat Modeling frameworks such as STRIDE, DREAD, or Cyber Kill Chain.
• Professional certifications such as: CISSP, OSCP, CISA, CISM, GIAC, CGEIT, CRISC, CEH, or other relevant industry certification strongly preferred.