Information Security Engineer at Brightwell
Brightwell
Atlanta, GA
Information Technology
Posted 0 days ago
Job Description
What We Do

Brightwell is a pioneering payments company dedicated to providing innovative solutions and technology for global money transfers while navigating the intricate landscape of regulatory requirements. Through strategic partnerships and technological advancements, Brightwell facilitates cross-border payments, offering a range of options including bank transfers, mobile wallets, and cash transactions, empowering businesses and individuals to seamlessly manage and move money worldwide.

Who We Need

We're searching for a senior Information Security Engineer to play a key role in our security and compliance programs. You'll balance hands-on security engineering with compliance program management, working closely with our Chief Compliance Officer and General Counsel on risk decisions and audit matters.

You'll lead SOC2 Type II and PCI DSS program execution (50% of your time) while conducting security assessments, penetration testing, and vulnerability management across our applications and Azure infrastructure (50% of your time). You should be the security subject matter expert who can independently drive programs while partnering with our CCO on compliance strategy.

This role is perfect for a seasoned security professional who thrives at balancing compliance rigor with hands-on security work. You'll write control narratives for auditors in the morning and pentest APIs in the afternoon. Reporting to the VP of Engineering within IT Operations, you'll have direct access to our Chief Compliance Officer and General Counsel for compliance matters and risk decisions.

This is a HYBRID position based in Atlanta, GA. Candidates will be expected in the office a minimum of two days per week.

What You'll Do

SOC2 & PCI Compliance Programs (50%):
Own SOC2 Type II program execution, including control design, audit preparation, and evidence collection, in partnership with our Chief Compliance Officer
Develop and maintain information security policies, procedures, and control narratives aligned with SOC2 Trust Services Criteria and PCI DSS requirements
Lead risk assessments and security audits, ensuring documentation meets industry and regulatory requirements
Create and maintain technical documentation (network diagrams, system architecture, data flows) and conduct internal control testing
Serve as primary technical liaison with external auditors and manage PCI vulnerability scans and penetration testing

Application & Infrastructure Security (50%):
Conduct threat modeling, security assessments, and penetration testing of Azure-based applications and APIs, including code reviews focused on authentication, authorization, and data protection
Review, validate, and design security controls across Azure infrastructure, including Network Security Groups, firewalls, Azure AD/Entra ID, and Key Vault
Manage and optimize security tools (endpoint protection, SIEM, vulnerability scanners, automated testing platforms) and coordinate continuous vulnerability scanning and remediation with development and infrastructure teams
Investigate and respond to security incidents with root cause analysis and implement preventive measures
Partner with DevOps to integrate security into CI/CD pipelines
Evaluate and implement new security and automation technologies
Provide security training and guidance to promote a strong security culture

As an Information Security Engineer you have

Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience)
7 years of hands-on information security experience, preferably in financial services or highly regulated environments
Proven experience managing SOC2 Type II and PCI DSS compliance programs, including control design, policy development, and audit coordination
Strong technical skills in penetration testing, vulnerability assessments, and security code reviews
Experience with Azure security (Network Security Groups, Azure AD, Key Vault, Security Center) and security tooling (SIEM, vulnerability scanners, endpoint protection)
Experience investigating and responding to security incidents, with strong analytical and problem-solving skills
Excellent communication skills, with the ability to explain technical security concepts to both technical and non-technical stakeholders
Proven ability to work independently as a security subject matter expert
Security certifications (CISSP, OSCP, CEH, GIAC, or Azure Security) are preferred but not required

What We're Offering in Return

Empowered Work: Own your work and grow your career with real autonomy and impact
Hybrid Flexibility: 3 days remote, 2 days in our Atlanta office at the Battery
Global Impact: Join a passionate team building mission-critical tools for people around the world
Great Benefits: Medical, dental, vision, disability, 401(k), paid parental leave, PTO, and more
Supportive Environment: Thrive in a collaborative, inclusive workplace that values innovation and continuous learning

Brightwell is an equal opportunity employer (EOE) committed to employing a diverse workforce and sustaining an inclusive culture.

Required Experience: Senior IC
Key Skills: International Development, Access Control System, Finance Control, Informatica, Information Technology Sales, Asp.Net MVC
Employment Type: Full-Time
Experience: years
Vacancy: 1