Are you ready to keep the data of 49 million global customers safe?

Groupon’s Information Security team is seeking an experienced security analyst with a strong background in audit or compliance to support Groupon’s PCI Compliance initiatives.

Your main responsibility is to take ownership of the support for our PCI environment which includes tracking the status of all PCI DSS issues on assigned projects and periodic tasks, troubleshooting security incidents, performing vulnerability management and remediation and update servers with critical patches. Additionally, you will be responsible for consulting internally in the testing and deployment of systems and networks to ensure a compliant infrastructure and proper management. You will handle SSL certificates and providing guidance around third-party vendor security reviews.

Does this sound like you?

• Excellent verbal, interpersonal, and written communication skills
• Excellent analytical, problem-solving and decision-making capabilities
• Can effectively work self-sufficiently across a geographically distributed team environment with integrity
• Is a results oriented, high energy person who takes pride in their work

Professional Skills & Responsibilities

• Work and assist with various PCI Teams as an information security expert on projects and offers council regarding the intent of PCI requirements
• Assist in handling PCI Discovery/Gap Analysis initiatives and coordinate with various functional groups to resolve PCI compliance status for assigned clients
• Assist during the audit to manage the process of providing all requested evidence during our PCI assessments
• Work with global security team members leadership to ensure security best practices are identified and integrated into all facets of projects including network, system designs/configuration, and implementations
• Ability to work with multiple teams and partners to handle vulnerabilities and fix issues efficiently
• Assist in documenting standards, processes, and procedures for incident response, security systems, and tools as needed
• Create, review and update architectural and network diagrams
• Software patching and vulnerability remediation - Maintain client management tool for patching. Research, run, and audit application, workstation, and server patches on a monthly basis
• Assist in monitoring and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to: endpoint security (anti-malware, encryption), IDS/IPS (Host/Network/Wireless), log management/correlation, firewall reviews, Application Whitelisting, etc.
• Keep us ahead of the curve by identifying and recommending changes to policies and procedures to mitigate key security risks
• Support various security technologies, including vulnerability scanning, multi-factor authentication systems, network and perimeter monitoring, and the systems related to log and event information, alerts, and connections of systems providing logs and alerts
• Approve, support, and troubleshoot TLS Certificates and installation.
• Provides risk guidance for IT projects and recommendations for controls relating to third party management.
• Isolate and resolve incident tickets related to security systems.
• Identify areas where existing security architecture requires improvement and develop proposals, processes and implementation plans
• Provide technical and operational security support to Engineering, Legal, and various business units

Qualifications/Requirements:

• 4+ years job related experience in compliance or technical engineering field

• Has worked in a regulated environment, preferably dealing with PCI, SOX or other federally regulated examinations

• Demonstrated expertise managing a compliance project and effectively managing stakeholders

• Ability to work in an Agile development environment

• Ability to develop a detailed estimates of the level of effort required and create a project plan for the deliverable objective

• Track, manage, and adjust the original plan as necessary to ensure success

• Information Security Certification(s) with demonstrated work experience preferred. Desired certifications include: CISA, CISP, PCI, PMP (a plus)

• Knowledge and familiarity related to administering and securing OSX and Linux operating systems, database platforms, endpoint security and network infrastructure is preferred.

• Experience with best practices related to network architecture & security controls (Routers, Firewalls, networking protocols, etc)

• Ability to recognize/analyze/and document deficiencies and articulate those deficiencies to both technical and non-technical key management personnel.

• Experience using a risk-based audit approach in evaluations of and recommendations for management processes

• Diligent in coordinating and executing processes and procedures

• An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards

• Experience using with open-source software and command line utilities

• Experience with vulnerability management and penetration testing tools such as Rapid7, Tenable, etc.

• An understanding of IDS/IPS software such as CloudPassage, OSSEC, etc.

• Be able to participate effectively in an on-call rotation

• Understanding of policy and procedure development

• Demonstrated track record staying up to date with industry information security and compliance knowledge

• Ability to perform workstation and server patching

Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.