Sr. Security Engineer

Qualifications: 6 + years of experience required Top 5 Must have skillsets: 1. Payment Card Industry - Data Security Standard (PCI-DSS) Expertise: Minimum 5 years of hands-on experience with PCI DSS assessments and remediation. Deep knowledge of PCI DSS 4.0.1 standards, scoping, and segmentation in large enterprise environments. Ability to guide IT teams on PCI scope and compliance strategy. 2.Security Controls and Risk Management - Skilled in identifying, implementing, and managing security controls. Solid understanding of vulnerability management, penetration testing, and control gap remediation. 3. Audit Evidence Collection and Policy Deployment - Proficient in audit practices, control testing, and interpreting compliance evidence. Capable of drafting and reviewing policies and procedures aligned with regulatory standards. 4. Communication and Cross-Functional Collaboration - Strong written and verbal communication across technical and business audiences. Proven ability to drive action and consult across departments, including project management experience 5. Technical Acumen and Ability to Execute Independently - Solid understanding of IT domains including network architecture, cloud computing, and information security. Self-motivated, able to work independently, and passionate about continuous learning in compliance. Location: Atlanta General Office (Headquarters) Work Environment: A hybrid work schedule, as defined by the department, is possible following the initial onboarding phase, depending on business needs and individual performance. Overview
The Information Security Compliance Team is seeking a highly motivated and detail-oriented professional to join the team with a primary focus on IT compliance for Payment Card Industry (PCI). This role will support a variety of Governance, Risk & Compliance (GRC) initiatives and drive special projects while managing competing priorities effectively. Required Qualifications

• Prior experience (5+ yrs) with PCI DSS assessments and supporting activities
• Deep understanding of the PCI DSS 4.0.1 Standards and PCI scoping and network segmentation in large enterprise environments
• Assess, analyze, and drive remediation of security control deficiencies and compliance gaps; provide strategic guidance for sustainable mitigation and process optimization
• Ability to consult IT business partners on PCI scope and segmentation requirements
• Strong understanding of vulnerability management and penetration testing methodologies
• Strong written and verbal communication skills across multiple channels and organizational levels
• Self-starter with the ability to work independently and deliver clear, actionable results
• Demonstrated passion for learning and applying compliance standards
• Skilled in drafting and interpreting policies and procedures
• Proficient in identifying, implementing, and managing security controls
• Knowledgeable in collecting and interpreting evidence and artifacts for various assessments
• Solid grasp of IT domains including information security, network architecture, and cloud computing
• Prior experience in Governance, Risk & Compliance (GRC) organization or comparable role

Preferred Qualifications

• Practical audit and control testing experience
• Project management experience with the ability to drive action across functional areas
• Experience in the aviation industry
• Prior experience with PCI DSS

Desired Certifications

• Payment Card Industry - Professional (PCI-P)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)

Responsibilities

• Responsible for the design, testing, evaluation, implementation, support, management, and deployment of security systems/devices used to safeguard the organization's information assets. Also responsible for analyzing the information security environment and assisting with the development of security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure.
• Works with the technical team to recover data after a security breach.
• Configures and installs firewalls and intrusion detection systems.
• Develops automation scripts to handle and track incidents.
• Investigates intrusion incidents, conducts forensic investigations and mounts incident responses. -Delivers technical reports and formal papers on test findings.
• Installs firewalls, data encryption, and other security measures.
• Maintains access by providing information, resources, and technical support.
• Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.
• Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
• Accomplishes information systems and organization mission by completing related results as needed.
• Builds, deploys, and tracks security measurements for computer systems and networks.
• Mitigates security vulnerabilities by implementing applicable solutions and tools.
• Performs vulnerability testing, risk analyses, and security assessments.
• Collaborates with colleagues on authentication, authorization, and encryption solutions.
• Tests security solutions using industry standard analysis criteria.
• Responds to information security issues during each stage of a project's lifecycle.
• Performs risk assessments and testing of data processing systems.
• Establishes system controls by developing framework for controls and levels of access; recommending improvements
• Establishes computer and terminal physical security by developing standards, policies, and procedures; coordinates with facilities security; recommends improvements. -Safeguards computer files by performing regular backups; developing procedures for source code management and disaster preparedness; recommends improvements.
• Determines the sensitivity of the data in order to recommend the appropriate security needs.
• Develops proposals for, and consider cost effective equipment options to satisfy security needs. -Communicates with the technical team, management team and users companywide if data security is breached.
• Designs infrastructure to alert the technical team of detected vulnerabilities.
• Evaluates new technologies and processes that enhance security capabilities.
• Supervises changes in software, hardware, facilities, telecommunications and user needs.
• Defines, implements, and maintains corporate security policies.
• Analyzes and advises on new security technologies and program conformance.
• Creates, tests, and implements network disaster recovery plans.
• Recommends security enhancements and purchases.
• Trains staff on network and information security procedures.
• Develops security awareness by providing orientation, educational programs, and on-going communication.
• Recommends modifications in legal, technical and regulatory areas that affect IT security.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. NLB is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, contact HR department by sending an e-mail to View email address on click.appcast.io .