Job description / Role
About PayFort, an Amazon Company: We serve the needs of online shoppers in all Arabic speaking and surrounding countries through our trusted, secure payment network that gives everyone the opportunity to shop online safely and easily. We build trust between buyers and online sellers by enabling consumers to transact online using the payment options they prefer with complete security and peace of mind while supporting the most popular payment methods available globally. PayFort is part of Souq Group, established in 2013. PayFort is regional expert in payment processing technology and solutions across major markets in the GCC & Levant countries, operating in UAE, Egypt, Saudi Arabia, Lebanon, Jordan and Qatar.
We are looking for a seasoned information security engineer. You will work closely with leadership, business partners, and engineering teams to define, develop, and release security recommendations and technical solutions that drive security value, automation, and operational improvements across the business.
If you enjoy identifying security issues in system services and applications, and are skilled at analyzing novel threat scenarios, this position will provide you with a unique opportunity to secure the next generation of payments technology.
• Evaluating complex business and technical requirements, communicating inherent security risks and solutions to technical and non-technical business owners.
• Working with engineering, product management, and compliance teams across Amazon to design, develop, deploy, and maintain scalable security solutions in a heterogeneous environment with both “bought” and “built” technologies.
• Drive awareness of security guidelines, secure-by-default configurations, and technological implementations.
• Identify and drive continuous process improvements across security programs and services.
• Conducting security reviews to verify compliance and trigger remediation action when necessary.
• Creating and maintaining programmatic access control policies for existing and new services, and features within data path using internal tools.
• Driving InfoSec policy definition, updates, and policy violation measures.
• Perform end-to-end application security reviews to ensure critical information is appropriately protected.
• Identify security vulnerabilities and risks, and develop mitigation plans.
• Provide security architecture and design consultations to product teams, to help them build applications that are secure from the start.
• Architect, design, implement, support, and evaluate security tools and services.
• Develop and interpret security policies and procedures.
• Develop and deliver security training across the company.
• Evaluate and recommend new and emerging security technologies for use inside and outside the security organization.
• Produce creative and inventive solutions for large problems.
• Be an advocate for customer trust.
• Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering or related field, or 7+ years relevant work experience
• 7+ years of security engineering experience
• 4+ years of experience and involvement with development team(s) that delivered commercial software or services
• Experience in security engineering, system and network security, security protocols, cryptography, and application security
• Experience with the application of threat modeling or other risk identification techniques
• Proficiency in at least one modern programming language, such as C++, Java, or Python.
• Proficient oral and written communication skills with the ability to tailor communications to various levels of management including precise and effective customer communications.
• Experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. SOC1, SOC 2, HIPAA, PCI, or ISO 27001, FedRAMP, IRAP).
• Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
• CISSP, CISA, CISM and/or other comparable security controls or audit certifications.
About the Company
Amazon.ae, formerly Souq.com, is an English-Arabic language e-commerce platform, owned by Amazon, Inc. It is the largest e-commerce platform in the Arab world. On March 28, 2017, Amazon.com Inc. confirmed it would be acquiring Souq.com for $580 million. On May 1, 2019, Souq.com became known as Amazon.ae.