cybersecurity

The Security Subject Matter Expert will be responsible for designing, implementing, and managing secure designs/solutions and protocols across our infrastructure, and leading MasrPay security compliance program. This includes leveraging security tools such as IPS/IDS, SIEM, FIM, and WAF solutions, as well as establishing encryption and data protection practices, following PCI DSS requirements, and relevant regulations like GDPR, and security standards and frameworks like ISO27000, NIST-800 and CSF. The role requires close collaboration with application development and DevOps, security and network teams to ensure that security is integrated into every phase of the development lifecycle.

Responsibilities:

1. Develop, implement, and maintain secure design/solutions and protocols to protect sensitive data and applications.
   
2. Strong knowledge and hands-on skills with IPS/IDS, SIEM, FIM, FWs and WAF.
   
3. Conduct security assessments, vulnerability analysis, and penetration testing to identify risks.
   
4. Collaborate with developers to integrate security best practices into the development and deployment processes.
   
5. Ensure compliance with industry standards, such as PCI-DSS, and any other relevant regulations will be an added asset. e.g. GDPR, ISO27001.
   
6. Manage encryption and data protection strategies across all tiers.
   
7. Respond to and investigate security incidents, providing root cause analysis, remediation and mitigation strategies.
   
8. Stay up-to-date with the latest security trends, vulnerabilities, and regulatory requirements.
   

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
  
• 5+ years of experience in cybersecurity and security compliance requirement, such as PCI-DSS, preferably within fintech or financial industries.
  
• Strong knowledge of security solutions, including IPS/IDS, SIEM, FIM, FW, WAF, and encryption techniques.
  
• Experience with security assessment tools and methodologies, including vulnerability scanning and penetration testing.
  
• String knowledge with SDLC, CI/CD pipelines, DevOps, and DevSecOps practices.
  

Preferred Skills:

• Relevant certifications (e.g., CISSP, CEH, CISM, or GIAC).
  
• Familiarity with compliance requirements, such as PCI-DSS, SOC2, and GDPR.
  
• Knowledge of Kubernetes, Docker, and cloud security best practices.
  
• Experience with Unix platforms, Kafka, Keycloak, and data encryption in distributed systems.
  
• Strong analytical and problem-solving skills for incident response and forensic analysis.