Senior IT Security Engineer
Location: El Segundo, California, USA
Position Overview: Our client, a leading organization in the publication industry, is seeking a Senior IT Security Engineer responsible for developing, maintaining, and overseeing a robust information security infrastructure. This role ensures compliance with key standards such as the Payment Card Industry Data Security Standards (PCI DSS). The Senior IT Security Engineer will conduct comprehensive assessments of the company's cloud and on-premises IT security protocols, lead security initiatives, and manage relationships with managed security service providers. This position will focus on risk management, vulnerability compliance, and internal controls, contributing to overall IT optimization efforts.

Key Responsibilities:
• Conduct internal assessments and audits to ensure compliance with PCI DSS and other relevant security standards.
• Collaborate across departments to identify, assess, and mitigate security vulnerabilities, especially within payment card processing environments.
• Develop and maintain a comprehensive PCI compliance program, including policies, procedures, and documentation.
• Oversee and manage the security infrastructure to ensure resilience against potential threats.
• Provide guidance to business units and IT teams on secure payment processing practices.
• Act as the liaison with external Qualified Security Assessors (QSAs) during annual PCI DSS assessments and facilitate remediation of any gaps.
• Train staff on PCI DSS requirements and best practices for securing cardholder data.
• Monitor updates to PCI DSS standards and implement necessary changes across the organization.
• Manage and oversee the performance of the managed information security service provider.
• Prepare Reports on Compliance (ROCs) and Self-Assessment Questionnaires (SAQs) for PCI DSS reporting.
• Present process improvements and secure approval from senior IT management, ensuring successful implementation.
• Ensure information systems comply with all relevant laws, policies, and regulations.
• Generate and audit monthly vulnerability reports, quarterly network scans, and bi-annual penetration tests, ensuring all remediation tasks meet SLA deadlines.
• Collaborate with the legal department to maintain IT security compliance and governance for external service providers and vendors.
• Assist in developing and maintaining a comprehensive incident response plan for breaches involving cardholder data.
• Provide regular compliance status reports, security assessments, and remediation updates to senior management and stakeholders.
• Participate in security and compliance projects as needed.
• Perform additional tasks as assigned.

Required Qualifications:
• Bachelor’s degree in Information Technology, Information Security, Computer Science, or a related field, and 8+ years of experience in information security, specifically PCI DSS compliance, OR 12+ years of experience in information security with a focus on PCI DSS compliance.
• 6+ years of experience with security tools and technologies for security and compliance monitoring.
• Deep knowledge of information security principles, vulnerability scanning, remediation, reporting, data protection laws, and payment industry standards.
• Strong analytical, problem-solving, and decision-making abilities.
• Adaptable communication skills tailored for diverse audiences.
• Detail-oriented with the ability to manage multiple projects simultaneously.
• In-depth understanding of IT governance, risk management, and compliance software tools.
• Advanced expertise in IT security principles related to cloud infrastructure (Azure, AWS, Google Cloud), networks, databases, application security, firewalls, MFA mechanisms, and identity/access management.
• Proficiency in technical domains including access and authentication, data security, secure software development, IT operations, boundary protection, vulnerability management, business continuity, and disaster recovery.
• Ability to work independently and collaboratively in a team environment, demonstrating professionalism and a strong work ethic.

Preferred Qualifications:
• Professional certifications such as PCI ISA (Internal Security Assessor), PCIP (PCI Professional), CISSP, CISM, CISA, CIS, NIST, HIPAA are highly desirable.

Additional Information:
• This role requires full COVID-19 vaccination, with accommodations considered for medical or religious reasons on a case-by-case basis. Proof of vaccination is required before the start date.

Compensation and Benefits: The expected salary range for this role is between $155,000 and $170,000. Final compensation will be determined by skills, experience, certifications, and organizational needs. Competitive benefits are offered and can be explored further during the interview process.

If you are a highly skilled IT security professional looking to make a significant impact within a dynamic environment, this opportunity might be the perfect fit for you. Apply today to join a forward-thinking team committed to maintaining top-tier security standards!