BB&T Capital Markets
ATM Security Engineer
Raleigh, NC, USA | BB&T Capital Markets
Functions:IT / Information Technology
Job Description:89 people have viewed this job
Payment Security Operations is responsible for operating and building the enterprise wide strategy to identify, develop, and implement technical security solutions to enhance BB&T payment security control environment. This position requires a subject matter expert (SME) with strong collaboration skills to work with cross functional and global teams to ensure the design of technology solutions complies with BB&T information security policies and regulatory obligations for ATMs.
Do you want to work for a top tier financial institution?That places value on both character and innovation?This position is will be reporting to the payment security team dedicated to protecting BB&T.Growth mindsets along with solid security evaluation skills are required for this position.If you are a security professional with a curious mindset then this position may be right for you.The team currently has innovation experts from around the research industry asking questions about how we creatively solve for the security challenges of the next 10 years while dealing with a rapidly changing payment landscape such as real time payments.These positions will assist the team to ensure that security and trust is a key tenant in all solutions in the ATM channel.
• Must have experience with Application Security and enterprise application platforms for the ATMs landscape.
• Integrated into the ATM development teams to ensure that day-to-day activities incorporate the best cyber security practices (e.g. development, monitoring, validation).
• Stay informed and ahead of cyber security threats for ATM’s and ensure that teams are coordinated to respond in an efficient manner.
• The Payment Security Operation expert must have the ability to identify, document, operate, and maintain recommend security safeguards and configurations in a highly complex environment with a demonstrated ability to recognize, and appropriately incorporate layered security safeguards within the network, application, and data layers from both an offensive and defender’s perspective.
• The Payment Security Operations will be responsible for making sure the business is kept up to date of security trends, incidents, and other activities in easy to understand business language.
• The Payment Security Engineer must be an adaptable, pragmatic, and positive professional, who is comfortable in delivering clear and concise information at both a technical and managerial level.
• Assess technological business initiatives to identify the threat landscape and security requirements, create technical documentation and solution overviews, and provide guidance on risk mitigation strategies for identified threats and vulnerabilities. Work effectively with other Information Security teams and outsourcing providers to ensure technology security solutions are in alignment with organizational strategic requirements.
• Create and publish security technology white papers or position papers and create security configuration checklists (e.g., hardening or lockdown guides) for technology platforms and solutions (e.g., operating systems, databases, firewalls, etc.).
• Operate as a security liaison and ambassador to the larger organization by keeping management team and relative peers informed of the latest security trends and threats, driving the security technology pipeline and strategy for the team, and presenting internally and externally on security technologies and solutions.
• Provide security consulting services internally to the engineering organization by giving guidance and functioning as an information security SME.
• Act in a mentoring or coaching capacity for team members and further technical skills through certifications and continual self-learning
Essential Business Experience and Technical Skills:
• 2+ years’ experience in ATM security is preferred
• 5+ years of experience in one or more of the following information security domains: secure development, identity and access management, cryptography, data loss prevention (DLP), cloud, enterprise mobile security, endpoint security, incident response, network and perimeter security, or web and mobile application security.
• 5+ years IT Security Engineering, Architecture, or Operations experience working in an enterprise infrastructure environment.
• 5+ years of experience security solution engineering or security architecture
• Must possess working knowledge of various industry security standards and frameworks including: PCI DSS, ISO 27001, ISF Standard of Good Practice (SoGP), NIST Special Publications, etc.
• Teamwork and communication skills, both written and verbal.
• Bachelor’s degree in Computer Science, Information Systems, or related field; 10+ years of equivalent work experience required in lieu of BA/BS degree is acceptable.
• Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.
• Experience implementing and assessing risks using Threat Modeling frameworks such as STRIDE, DREAD, or Cyber Kill Chain
• Professional certifications such as: CSSLP, CISSP, OSCP, CISA, CISM, GIAC, CGEIT, CRISC, CEH, or other relevant industry certification strongly preferred.