Security Engineer

Job Overview

Embed security by default across development and operations workflows, working with Engineering and DevOps teams to design, implement, and maintain secure cloud infrastructure, CI/CD pipelines, and containerized environments in AWS and GCP. Automate security controls through infrastructure as code and ensure compliance with standards like PCI DSS and SOC 2 to support scaling in the global payments ecosystem.

Responsibilities

• Design, build, and maintain secure and scalable internal security solutions and tools using Python to support security operations and strengthen technical controls.
• Improve and manage security configurations in AWS and GCP, including WAF, Security Hub, IAM policies, SIEM integrations, and other critical services to strengthen cloud security posture and implement best practices.
• Implement and maintain security processes and technical controls that support compliance requirements such as PCI DSS, ISO 27001/27701, and SOC 2.
• Collaborate with different teams on cross-functional security initiatives, providing technical expertise and ensuring alignment with best practices.
• Explore and evaluate emerging technologies and architectures, such as AI integrations, to ensure secure adoption.

Qualifications

• 4+ years of hands-on experience in security engineering or similar technical security roles.
• Strong experience designing and developing security tools or internal products to support security operations using Python.
• Solid knowledge of AWS and GCP security services and configurations.
• Practical experience working with compliance frameworks such as PCI DSS, ISO 27001/27701, and SOC 2 in cloud environments.
• Strong problem-solving skills and the ability to communicate and collaborate effectively with cross-functional teams.
• Verbal and written English fluency.

Preferred Qualifications

• Familiarity with SIEM platforms and security monitoring tools.
• Experience with Kubernetes and container security.
• Experience with infrastructure as code, such as Terraform or CloudFormation.
• Familiarity with emerging architectures like serverless, event-driven, and AI integrations.
• Experience embedding security practices across the software development lifecycle, including CI/CD pipelines.