
Security Engineer - 1554 at In All Media Inc

Remote: Full Remote

In All Media http://www.inallmedia.com
1001 - 5000 Employees

Job description

Position: Security Engineer (Remote from LATAM)
Company: InallMedia.com

InallMedia.com is seeking a highly motivated and experienced Security Engineer with a background in the financial sector (preferred, but not mandatory) to join our team remotely from LATAM. The ideal candidate will have a deep understanding of financial sector compliance requirements, strong skills in performing security risk assessments and conducting threat modeling exercises, and a genuine passion for embedding security throughout the software development lifecycle.

Job Overview

In this role, the Security Engineer will be responsible for leading and coordinating Security Threat Modeling exercises (particularly using STRIDE) and assessing security controls during various risk assessments. The ideal candidate will also possess advanced knowledge of AWS cloud environments and the ability to automate or streamline security validations using scripting. Although experience in the financial sector is preferred, a solid understanding of compliance frameworks like PCI DSS and other standards is essential to align security controls and meet regulatory requirements.

Primary Responsibilities
  1. Security Risk Assessments
    • Conduct periodic risk assessments to identify vulnerabilities and prioritize security measures based on business impact.
    • Perform manual reviews, script-based checks, and interviews to evaluate corporate tools and validate configurations against security baselines.
  2. Security Threat Modeling
    • Lead threat modeling exercises using methods like STRIDE to identify, analyze, and mitigate potential threats across applications, infrastructures, and workflows.
  3. Compliance and Audits
    • Ensure compliance with relevant frameworks and regulations (e.g., PCI DSS, NIST CSF, CIS, Zero Trust), especially in financial environments.
    • Work directly with auditors and compliance teams to demonstrate the effectiveness of implemented security controls.
  4. Policy Management and BCP/DR
    • Maintain and update security policies, ensuring alignment with business goals and Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies.
    • Conduct tabletop exercises to ensure the robustness of the BCP/DR strategy.
  5. Security Integration into SDLC
    • Collaborate with development and service teams to ensure that security is embedded in the design and development of new features.
    • Lead efforts to integrate security into DevSecOps pipelines, ensuring security reviews and configuration validations occur before deployment.
  6. AWS Security and Automation
    • Design, implement, and manage security controls in AWS environments, including container management.
    • Write scripts that automate security assessments and configurations, generating clear reports for both technical and non-technical teams.
  7. External Vulnerability Assessments
    • Review external security assessments to identify potential gaps and develop mitigation strategies.
    • Validate the ongoing effectiveness of implemented cybersecurity controls.
  8. Monitoring Emerging Threats
    • Stay updated on emerging threats related to cloud security and AI security, proactively recommending adjustments to current security practices.
  9. Communication and Collaboration
    • Foster collaboration with cross-functional teams, using tools like JIRA (or equivalents) to manage tasks and track security remediation efforts.
    • Demonstrate excellent communication skills to present findings and risks clearly, articulating solutions and needs effectively.

Required Qualifications (Must Have)
  • Experience: Minimum of 5+ years in information security; 4+ years of hands-on experience with AWS.
  • Threat Modeling: Solid experience in conducting Security Threat Modeling using methodologies such as STRIDE, and performing security risk assessments.
  • Security Frameworks Knowledge: Demonstrated expertise in NIST CSF, PCI DSS, CIS, Zero Trust, and their practical application in aligning security controls.
  • Security Tools and Frameworks: In-depth knowledge of industry-standard security tools, methodologies, and best practices for secure configurations.
  • Financial Sector Compliance: Strong understanding of financial sector regulations and compliance requirements, especially PCI DSS (financial sector experience preferred, not mandatory).
  • Scripting Skills: Proficiency in writing and maintaining scripts that automate security assessments and configurations, with a focus on AWS and container environments.
  • Communication and Coordination: Excellent coordination skills to work with cross-functional teams, document and present risk findings, and use project management tools (e.g., JIRA).

Desired Qualifications (Nice to Have)
  • Direct Experience in the Financial Sector: Prior experience working in financial environments, with a deep understanding of their processes and specific security requirements.
  • Emerging Threats Expertise: Knowledge of emerging threats in the areas of cloud security and AI security, proactively recommending adjustments to security practices.

Required profile

Spoken language(s): English

Other Skills

  • Collaboration
  • Communication
