The Security Subject Matter Expert will be responsible for
designing, implementing, and managing secure designs/solutions and protocols
across our infrastructure, and leading MasrPay security compliance program.
This includes leveraging security tools such as IPS/IDS, SIEM, FIM, and WAF
solutions, as well as establishing encryption and data protection practices,
following PCI DSS requirements, and relevant regulations like GDPR, and
security standards and frameworks like ISO27000, NIST-800 and CSF. The role
requires close collaboration with application development and DevOps, security
and network teams to ensure that security is integrated into every phase of the
development lifecycle.
Responsibilities:
- Develop, implement, and maintain secure
design/solutions and protocols to protect sensitive data and applications.
- Strong knowledge and hands-on skills with IPS/IDS,
SIEM, FIM, FWs and WAF.
- Conduct security assessments, vulnerability analysis,
and penetration testing to identify risks.
- Collaborate with developers to integrate security
best practices into the development and deployment processes.
- Ensure compliance with industry standards, such as
PCI-DSS, and any other relevant regulations will be an added asset. e.g.
GDPR, ISO27001.
- Manage encryption and data protection strategies
across all tiers.
- Respond to and investigate security incidents,
providing root cause analysis, remediation and mitigation strategies.
- Stay up-to-date with the latest security trends,
vulnerabilities, and regulatory requirements.
Requirements
- Bachelor’s degree in Cybersecurity, Computer Science,
Information Technology, or related field.
- 5+ years of experience in cybersecurity and security
compliance requirement, such as PCI-DSS, preferably within fintech or financial
industries.
- Strong knowledge of security solutions, including
IPS/IDS, SIEM, FIM, FW, WAF, and encryption techniques.
- Experience with security assessment tools and
methodologies, including vulnerability scanning and penetration testing.
- String knowledge with SDLC, CI/CD pipelines, DevOps, and
DevSecOps practices.
Preferred Skills:
- Relevant certifications (e.g., CISSP, CEH, CISM, or
GIAC).
- Familiarity with compliance requirements, such as
PCI-DSS, SOC2, and GDPR.
- Knowledge of Kubernetes, Docker, and cloud security
best practices.
- Experience with Unix platforms, Kafka, Keycloak, and
data encryption in distributed systems.
- Strong analytical and problem-solving skills for
incident response and forensic analysis.