Security Engineer

Resume assistance and interview prep is available for Catawba citizens by contacting: Maddison.Montgomery@catawba.com

Job Summary:

Catawba Two Kings Casino is seeking a skilled Security Engineer to join our IT team at a premier casino with a hotel amenity in Kings Mountain, NC.  This role is essential in supporting and maintaining a robust cybersecurity infrastructure to protect gaming operations, guest data, and financial transactions, with a strong focus on data security, Payment Card Industry Data Security Standards (PCI DSS) compliance, and identity-based network access. The ideal candidate will implement and manage security platforms, including EDR, firewalls, network segmentation tools, and NetFlow, while collaborating with our managed Security Operations Center (SOC) to ensure rapid threat detection and response. The Security Engineer will support daily security operations, contribute to improving the casino’s security posture, and ensure compliance with gaming industry regulations in a dynamic, 24/7 environment.

Responsibilities

• Security Infrastructure Support: Implement and maintain security solutions including but not limited to, EDR, firewalls, advanced network segmentation, NetFlow, and identity-based network access to protect gaming systems, guest data, and financial transactions, ensuring alignment with PCI DSS requirements.
• Identity-Based Network Administration: Support identity-based network access control, configuring policies for user and device authentication, authorization, and accounting (AAA), and assisting with endpoint posture assessments to ensure compliance with security standards.
• Data Security and PCI Compliance: Support the implementation of data encryption standards, access controls, secure data transmission protocols, and network segmentation to protect sensitive information, including payment card data. Assist in maintaining PCI DSS compliance through audits and remediation activities.
• Incident Monitoring and Response: Monitor security events and assist the managed SOC in responding to incidents promptly, leveraging security tools for threat detection and mitigation. Support integration of identity-based tools with SOC tools for threat intelligence and access log sharing.
• Security Assessments: Conduct vulnerability scans, support security audits, and assist in identifying and mitigating risks affecting gaming integrity, financial systems, and guest data.
• Compliance Support: Assist in ensuring compliance with gaming industry regulations, including PCI DSS, Gaming Laboratories International (GLI) standards, and state-specific requirements. Support PCI DSS audits by maintaining accurate documentation and assisting with compliance activities.
• Incident Response Support: Assist in executing incident response plans for data breaches, supporting containment, eradication, and recovery efforts while adhering to legal and regulatory notification requirements.
• System Integration: Collaborate with IT, gaming operations, and other departments to integrate security solutions with critical systems, such as point-of-sale and guest management platforms, ensuring secure handling of payment transactions.
• Third-Party Risk Support: Assist in assessing third-party vendors, such as payment processors, to ensure compliance with the casino’s security and PCI DSS standards.
• Security Awareness Training: Support the development and delivery of security awareness training programs to educate staff on data security best practices and compliance requirements.
• Threat Intelligence: Stay informed on emerging cybersecurity threats and support the implementation of recommended improvements to strengthen defenses.
• Documentation: Maintain accurate documentation of security configurations, incident response procedures, and compliance activities for auditing and regulatory purposes.
• Guest and IoT Device Management: Support identity-based network access configurations for secure guest access and management of IoT devices, such as gaming machines and ATMs, ensuring network separation and compliance.
• On-Call Support: Be available for on-call duties to address critical security incidents outside regular business hours, ensuring minimal disruption to casino operations.

Requirements

• Education: Bachelor’s degree in Computer Science, Information Security, Computer Engineering, or a related field.
• Experience: Minimum of 3 years of experience in information security, with at least 1 year focused on Cisco security platforms and supporting PCI DSS compliance.
• Technical Skills:
  • Proficiency with EDR for endpoint protection and threat detection.
  • Experience configuring and managing firewalls for network security and PCI DSS compliance.
  • Knowledge of zero-trust micro segmentation.
  • Familiarity with NetFlow tools for network visibility and threat detection.
  • Experience with identity-based network access administration, including policy configuration, user and device profiling, and endpoint posture assessment.
  • Understanding of data security principles, including encryption, access controls, secure data transmission, and tokenization for PCI compliance.
  • Familiarity with security frameworks and standards, such as ISO 27001, NIST Cybersecurity Framework, and PCI DSS.
  • Experience supporting a managed SOC or external security service providers for threat response.
  • Proficiency in security tools like SIEM systems, vulnerability scanners (e.g., Qualys, Nessus), and network monitoring solutions.
  • Knowledge of securing payment applications, point-of-sale systems, and network segmentation for PCI compliance.
  • Understanding of network protocols and technologies (e.g., TCP/IP, DNS, DHCP) to support secure system integration.
• Certifications: (Preferred)
  • Cisco Certified Network Associate (CCNA) Security
  • Certified Information Systems Security Professional (CISSP)
  • PCI Professional (PCIP)
• Soft Skills:
  • Strong problem-solving and analytical skills to address security challenges under pressure.
  • Good communication and interpersonal skills to collaborate with cross-functional teams and external SOC partners.
  • The ability to work effectively under the guidance of senior engineers and contribute to team goals.
• Additional Requirements:
  • Understanding of gaming industry regulations and compliance requirements (preferred).
  • Ability to pass thorough background checks and obtain state-specific gaming licenses, as required in the casino industry.
  • Experience in high-availability environments, ensuring minimal downtime for critical systems.
  • Flexibility to work various shifts, including nights, weekends, and holidays, for on-call support.

Physical Requirements

While performing the duties of this position, the employee is regularly required to reach with hands and arms; bend to open/use lower drawers or cabinetry; to talk, hear, and see. Prolonged periods of sitting at a desk and working on a computer. The employee is occasionally required to stand; walk; climb or balance; stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 30 pounds.

Nothing in this job description restricts the management’s right to assign or reassign duties and responsibilities on this job at any time.

Revised 10.05.22 Catawba Indian Nation exercises INDIAN PREFERENCE Native American Indian preference shall apply to this position pursuant to the Indian Self-determination and Education Assistance Act (24 U.S.C. 450, et seq.), 25 CFR 271.44 and other relevant laws (title 25, U.S. code, Section 472 & 473)