Senior Information Security Engineer

We are seeking an experienced and hands-on Senior Information Security Engineer to lead vulnerability management, cloud security governance, and compliance-driven security control design across our AWS-based infrastructure.

This role goes beyond operational security monitoring. The ideal candidate must be capable of performing gap assessments against financial institution and regulatory requirements (including PCI-DSS), designing practical security control solutions, and working closely with system engineers to implement and validate those controls.

This individual will serve as the primary security owner for customer security reviews and external PCI-DSS audits.

• Own and manage the end-to-end vulnerability management lifecycle
• Perform risk-based vulnerability triage using CVSS and business context
• Define remediation priorities and enforce SLA adherence
• Manage exception processes and risk acceptance documentation
• Conduct weekly vulnerability review meetings
• Deliver executive-level vulnerability reporting and trend analysis

• Perform security gap assessments against:
• PCI-DSS requirements
• Customer contractual security requirements
• Internal security policies
• Design practical and scalable security control solutions when gaps have been identified
• Translate compliance requirements into technical implementation plans
• Develop remediation roadmaps with clear milestones
• Work directly with system engineers to implement security controls
• Validate and formally accept implemented controls
• Ensure evidence collection meets audit standards

Examples of control areas include:

• Access control and IAM hardening
• Network segmentation and security group design
• Logging and monitoring architecture
• Patch and configuration management controls
• Encryption and key management

• Define and maintain AWS security baselines
• Continuously assess cloud security posture
• Identify misconfigurations and reduce attack surface
• Review public exposure risks
• Strengthen identity and access management controls

• Act as primary security contact for customer security assessments
• Lead preparation for external PCI-DSS audits
• Coordinate internal teams to collect and validate audit evidence
• Respond to customer security questionnaires
• Track audit findings and drive remediation to closure
• Maintain audit-ready documentation

• Develop and maintain security policies and standards
• Improve the Vulnerability Management Program
• Define security KPIs and metrics
• Support incident investigations when required
• Provide internal security guidance and training

• 5+ years of experience in Information Security or Cloud Security
• Strong hands‑on AWS security experience
• Experience designing and implementing security controls
• Experience performing gap assessments against regulatory standards
• Deep understanding of vulnerability management processes
• Strong knowledge of IAM, network security, encryption, and logging
• Ability to independently lead audit discussions
• Strong documentation and cross‑team coordination skills

• Familiarity with hybrid cloud/on‑prem security architectures
• AWS Security Specialty certification
• CISSP, CISM, or equivalent certifications
• Experience in SOC 2 or ISO 27001 environments
• Ability to communicate in Mandarin Chinese (to collaborate with China‑based development teams)