Hi there! We’re PAR and our purpose is:
To deliver solutions that connect people to the restaurants, meals and moments they love.
We take that responsibility very seriously. As a leading provider of technology to the top restaurant brands in the world we’re calling all rebels, instigators, idealists and builders to join our constantly growing team!
PAR invented the first standalone point of sale terminal over 40 years ago, yet we operate much like a start-up at the forefront of restaurant technology. Today, our solutions span Customer loyalty, engagement, restaurant management, payment services, drive-thru, and full POS integrations. These solutions are used to serve tens of millions of guests every day in over 120 countries.
Our mission is to build the number one restaurant technology company in the world and we’re off to great start.
We believe that our ambition is only limited by our ability to attract and retain great people; people who are up for the challenge to change the game with us! If it sounds like you belong here, we should meet!
Senior Cloud Security Engineer
Remote – US
About this role
The combined Punchh/PAR enterprise has a huge global footprint that you will take a lead role in keeping secure. We have a combined 200 million user accounts, 200,000 POS terminals, billions of transactions per month with billions of messages ingressing our cloud networks daily. With this scale comes the challenge of keeping data secure, defending from the latest zero-day threats, and implementing effective countermeasures without compromising user experience. We are looking for someone who enjoys a challenge, and is happy to learn, implement and work with the most cutting-edge solutions in the world of information security. The Senior Cloud Security Engineer role will be responsible for supporting the day-to-day cloud-security operations and PAR's monitoring program to ensure the stable and secure operations of PAR's systems and assets. The role requires a solid understanding of threat intelligence and analysis, incident response management, and vulnerability and patch management.
What You'll Do
- Identify projects with security debt, discover and report security exposures and develop mitigation plans.
- Configure, tune, optimize and automate security controls to improve PAR security & compliance readiness posture.
- Perform technical vulnerability assessments, including systems and network vulnerability assessments, penetration testing, web application assessments and similar duties.
- Assist with the configuration, evaluation and implementation of new security controls such as firewalls, vulnerability scanners, DDoS prevention, as well as other related tools.
- Provide situational awareness and reporting on information security status, security events/incidents, and trends in adversary behavior to PAR stakeholders.
- Take a leading role in the development and rollout of PAR's secure SDLC program in line with maintaining ISO 27001, SOC, GDPR and CCPA compliance.
- Assist with the design and implementation of metrics, security dashboards and scorecards on the state of PAR's security, threat, and vulnerability and patch management.
- Work closely with other technical teams (e.g., IT, Infrastructure & Operations, Engineering etc) to ensure vulnerabilities and threat indicators are properly rated and mitigated in a manner consistent with the risks; and risk mitigation activities and countermeasures are aligned with PAR's security policies.
What You'll need
- 10+ years’ professional experience in an engineering or devops role
- 5+ years cybersecurity, or information technology with a focus on security in a cloud environment.
- Excellent understanding of cloud security solutions and cloud-based architectures (IAAS, PAAS, SAAS)
- Experience in software development process including CI/CD pipelines and SSDLC controls
- Experience building automated tools in C, C++, Java, Python, Perl, PHP, Bash, or Ruby.
- Desired but not required: CISSP or equivalent security certification (e.g. GSEC, CompTIA CySA+, CISM).
- Be willing to obtain AWS Security Engineering certification within 12 months from date of hire.
- Experience with application/system/infrastructure security monitoring and applicable toolsets
- Experience working with security reference architectures with industry and regulatory standards and frameworks (SOC, ISO 27001, CCPA/CPRA, PCI-DSS, and GDPR).
- Perform/organize/coordinate technical vulnerability assessments, including systems and network vulnerability assessments, penetration testing, web application assessments, social engineering assessments, physical security assessments, and wireless security assessments.
- Keeps knowledge current by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; and participating in professional organizations.
- Unlimited PTO
- Company sponsored health insurance
- 401(k) with Company Match
- Healthcare coverage, FSA, HSA
- Life and AD&D insurance
- Competitive salaries and bonus
- Professional development
- Maternity and Paternity (Bonding) Leave
PAR is proud to provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. We also provide reasonable accommodations to individuals with disabilities in accordance with applicable laws. If you’d like more information about your EEO rights as an applicant, please click here.