Are you ready to keep the data of 49 million global customers safe?

Groupon's Information Security team is seeking an experienced security analyst with a strong background in audit or compliance to support Groupon's PCI Compliance initiatives.

Your main responsibility is to take ownership of the support for our PCI environment, which includes tracking the status of all PCI DSS issues on assigned projects and periodic tasks, troubleshooting security incidents, performing vulnerability management and remediation, and updating servers with critical patches. Additionally, you will be responsible for consulting internally in the testing and deployment of systems and networks to ensure a compliant infrastructure and proper management. You will handle SSL certificates and provide guidance around third-party vendor security reviews.

Does this sound like you?

- Excellent verbal, interpersonal, and written communication skills
- Excellent analytical, problem-solving and decision-making capabilities
- Can effectively work self-sufficiently across a geographically distributed team environment with integrity
- Is a results-oriented, high-energy person who takes pride in their work

Professional Skills & Responsibilities

- Work and assist with various PCI Teams as an information security expert on projects and offer counsel regarding the intent of PCI requirements
- Assist in handling PCI Discovery/Gap Analysis initiatives and coordinate with various functional groups to resolve PCI compliance status for assigned clients
- Assist during the audit to manage the process of providing all requested evidence during our PCI assessments
- Work with global security team members leadership to ensure security best practices are identified and integrated into all facets of projects including network, system designs/configuration, and implementations
- Ability to work with multiple teams and partners to handle vulnerabilities and fix issues efficiently
- Assist in documenting standards, processes, and procedures for incident response, security systems, and tools as needed
- Create, review and update architectural and network diagrams
- Software patching and vulnerability remediation - Maintain client management tool for patching. Research, run, and audit application, workstation, and server patches on a monthly basis
- Assist in monitoring and supporting security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to: endpoint security (anti-malware, encryption), IDS/IPS (Host/Network/Wireless), log management/correlation, firewall reviews, Application Whitelisting, etc.
- Keep us ahead of the curve by identifying and recommending changes to policies and procedures to mitigate key security risks
- Support various security technologies, including vulnerability scanning, multi-factor authentication systems, network and perimeter monitoring, and the systems related to log and event information, alerts, and connections of systems providing logs and alerts
- Approve, support, and troubleshoot TLS Certificates and installation
- Provide risk guidance for IT projects and recommendations for controls relating to third party management
- Isolate and resolve incident tickets related to security systems
- Identify areas where existing security architecture requires improvement and develop proposals, processes and implementation plans
- Provide technical and operational security support to Engineering, Legal, and various business units

Qualifications/Requirements:

- 4 years job related experience in compliance or technical engineering field
- Has worked in a regulated environment, preferably dealing with PCI, SOX or other federally regulated examinations
- Demonstrated expertise managing a compliance project and effectively managing stakeholders
- Ability to work in an Agile development environment
- Ability to develop detailed estimates of the level of effort required and create a project plan for the deliverable objective
- Track, manage, and adjust the original plan as necessary to ensure success
- Information Security Certification(s) with demonstrated work experience preferred. Desired certifications include: CISA, CISP, PCI, PMP (a plus)
- Knowledge and familiarity related to administering and securing OSX and Linux operating systems, database platforms, endpoint security and network infrastructure is preferred
- Experience with best practices related to network architecture & security controls (Routers, Firewalls, networking protocols, etc.)
- Ability to recognize, analyze, and document deficiencies and articulate those deficiencies to both technical and non-technical key management personnel
- Experience using a risk-based audit approach in evaluations of and recommendations for management processes
- Diligent in coordinating and executing processes and procedures
- An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
- Experience with open-source software and command line utilities
- Experience with vulnerability management and penetration testing tools such as Rapid7, Tenable, etc.
- An understanding of IDS/IPS software such as CloudPassage, OSSEC, etc.
- Be able to participate effectively in an on-call rotation
- Understanding of policy and procedure development
- Demonstrated track record staying up to date with industry information security and compliance knowledge
- Ability to perform workstation and server patching

Website : http://www.groupon.com
Groupon's mission is to become the world's commerce operating system. By connecting buyers and sellers through price and discovery, we have the opportunity to become one of the world's essential companies, a daily habit for our customers and merchant partners.