Shift4 Payments (NYSE: FOUR) is a leading provider of integrated payment processing and technology solutions, delivering a complete omnichannel ecosystem that extends beyond payments to include a wide range of value-added services. The company’s technologies help power over 350 software providers in numerous industries, including hospitality, retail, F&B, e-commerce, lodging, gaming, and many more. With over 7,000 sales partners, the company securely processed more than 3.5 billion transactions annually for over 200,000 businesses in 2019. For more information, visit shift4.com.
The Sr Security Engineer is responsible for ensuring enterprise technology systems maintain the highest level of security standards. Works across departments to maintain regulatory compliance requirements and best security practice. This position requires expert level skills in security operational and incident response handling, including: log analysis, security hardening, and discovering weaknesses in our infrastructure.
- Prevention of cyber security incidents through proactive threat analysis, patch and vulnerability management, countermeasure deployment, and security application operations.
- Designing, implementing, and supporting security-focused tools and services including SIEM, threat analytic and intelligence platforms, in addition to vulnerability management and remediation tools for both on premise and cloud platforms.
- Configuring datacenter and corporate security solutions so integrate with security products including: multi factor authentication, identity management, encryption, and Public Key Infrastructure (PKI) solutions.
- Assist the Compliance team in maintaining updated security policies and procedures, including development of audit controls and supporting scripts, searches, and reports.
- Participate in security compliance efforts including recurring internal and external audits.
- Evaluate new and emerging security products and technologies, and serve as subject matter expert for decision making, implementation, and integration.
- Provide security expertise by designing, developing, and implementing all phases of security within infrastructure and development projects.
- Manage on premise and cloud security platforms including SIEM, Vulnerability Management, public key infrastructure, file integrity monitoring, and other enterprise security solutions will invest in.
- Devise or build automation to reduce manual processes or introduce new tools to reduce manual workloads for audits, reviews, re-certifications and other security tasks.
- Provide alert escalation response and support on intrusion or security breach investigations, and present investigative findings to management and stakeholders.
- Perform recurring reviews and maintain documentation for procedures in a continuous improvement process.
- Actively participate in the cyber security community and remain current in the field, active participation in purple team exercises
- Guide security team members to improve security standards for all systems and applications.
- Perform verification of post-patch activity.
- Participate in knowledge sharing with other analysts, and writing technical articles for internal knowledge bases.
- Apply payments application knowledge to ensure appropriate security and compliance controls are present - this includes advising Development on new security enhancements, audit logs, encryption and transport protocols, data leakage avoidance and protection from malware.
- Provide security and infrastructure expertise in Windows and Linux systems, container technologies, IAM and rights management for both on premise and cloud platforms.
- Serve as a backup resource to level 1 and II security analysts as required, which may include:
- Monitor security system dashboards.
- Scan and perform security analysis of COTS and clouds-based systems prior to use by Shift4 Payments
- Must be a team player with strong analytical and problem-solving abilities.
- Strong background with datacenter firewalls, switching and routing, including how they interact with other components of the enterprise infrastructure.
- Must be able to work with minimal supervision while maintaining a high quality of service.
- Strong background with Server and Workstation operating systems, including Windows Server and desktops, Linux and Solaris, cloud technologies, containers and threat intelligence platforms.
- Must maintain a high level of confidentiality when accessing or handling sensitive information including PII and cardholder data across the enterprise
- Strong knowledge of PCI DSS and PA-DSS compliance and Sarbanes-Oxley IT General Controls.
- Expert level experience with payment systems including devices and supporting infrastructure. Able to learn the processes and procedures, capabilities of the payment platform as an expert user.
- Able to perform security risk assessments to uncover weaknesses in security and compliance of vendor solutions and in-house development. This includes participating in discovery meetings and technology discussions.
Shift4 Payments provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.