Senior Security Engineer

Job Title: Senior Security Engineer Department: Product & Technology Location: North America or UK Fair Labor Standards Act (FLSA) Status: Exempt SUMMARY Reporting to the Senior Director for Quality and Operational Excellence, the Senior Security Engineer will play a significant role in the operations of PCI SSC Approved Scanning Vendor(ASV) program. You will work as part of the Product and Technology Team, interfacing with ASVs, industry stakeholders, and other subject matter experts to ensure efficient and effective delivery of this program. This includes the development of requirements and assessment procedures to meet security objectives, as well as scanning target maintenance, program updates and evolution, and other documents to support the program The Senior Standards Engineer will interact with a diverse, global group of payment security professionals and stakeholders and will be an expert in network and IT information security. This is a 100% remote role that is highly collaborative. You will be frequently engaged with Council staff and will contribute to various meetings throughout the week, primarily during US business hours. What you will be doing in this role: Contribute first-hand security experience and subject matter expertise to develop technical security requirements and test procedures for the PCI security standards. Draft and contribute to materials covering various payment industry technologies and topics such as network and application security. Ensuring seamless operation of ASV Validation Service. Working with external entities on alignment of ASV activities. Providing subject matter expertise in network and general IT security to PCI SSC. Respond to technical inquiries received by the Council. Maintain proficiency with current security best practices for the payments industry. Collaborate across all PCI SSC teams, including standards development, program management, and stakeholder engagement, to support company goals and objectives. What you will bring to this role: Strong business and technical writing skills with experience writing technical documentation, standards, procedures, training documentation, or information security articles. Ability to process information with high levels of accuracy and present technical concepts to audiences with a diverse understanding of information security. Attention to detail, self-discipline, and time management skills. Ability to work effectively and meet quality and schedule deadlines in a remote work environment. Flexible, proactive, quick to learn, and possessing a can-do attitude. A blend of curiosity, creativity, persistence, commitment, passion, and optimism. Willingness to travel up to 15%. Strong preference given to applicants with the following experience: At least 7 years technical experience in network security and IT application security. At least 7 years of experience with information technologies infrastructures, such as network management and application configuration. Knowledge of network and application vulnerabilities and the Common Vulnerability Scoring System. In depth knowledge of Linux Architectures and IT administration practices. Skills in analyzing network scanning reports and grading vulnerabilities Bachelor's degree or higher in a related technical field. Having recognized Penetration Teasing certifications such as OSCP or similar. Experience in writing formal compliance documentation, such as standards or policy documents. The starting minimum salary for this role is $130,000 USD annually, plus bonus. The final compensation will be based on skills, experience, geographic location, and other relevant factors. To learn more about the PCI Security Standards Council, visit https://www.pcisecuritystandards.org/ PCI SSC is an Equal Opportunity Employer.