Bread, a division of Alliance Data, is a technology-driven payments company that partners with merchants and partners to personalize payment options for their customers. Bread integrates directly with merchants on their ecommerce site and gives them a single platform that lets them offer more ways to pay over time. Bread's full-funnel recommendation engine serves up the right options at the right time, empowering merchants to sell more, improve conversion, and lift average-order-value. To learn more, please visit breadpayments.com.
As a member of the security team at Bread you will have an opportunity to apply your technical expertise to support the organization on its journey to becoming the leader in the buy now, pay later platform powering the future of ecommerce.
We’re looking for a passionate cloud security engineer that is not afraid to conduct risk assessments, evaluate current processes, make recommendations, and present ideas that will make us think differently. Your technical skills are critical but soft skills are equally important to succeed in this role.
Your role at Bread:
- Work with cross-functional teams to identify, resolve, and mitigate security issues in AWS systems and processes.
- Perform triage of incoming issues using ticket tracking system.
- Perform analysis of transactional data, log files and/or other system outputs to identify malicious or anomalous activity.
- Evaluate, architect, build, monitor and support security infrastructure.
- Act as a point of escalation for investigation of systems and security events.
- Creates, publishes, maintains, and interprets Information Security baselines for specific technologies (e.g. operating systems, databases). Socializes Security baselines with stakeholders.
- Provide tuning and reporting recommendations of security tools.
- Propose, produce and review team metrics in support of security reporting requirements.
- Educate team members and constituents with trends in the information security community including new vulnerabilities, methodologies, and products.
- Participate in incident response and on-call as necessary.
- Develop enrichments and filters in platforms and build content for the SIEM to provide actionable contextual data to improve visibility and detection of anomalous events
- Employ and drive proven and mature frameworks (Security Controls Framework, CIS20, MITRE ATT&CK & OWASP, CVSS, etc.), methodologies and practices in delivering work products
- Deliver updates in Security group meetings routinely
- Deliver tech talks to other groups
- Advanced knowledge of AWS cloud native technologies and adoption/migration patterns
- Previous experience in Information Technology or Information Security.
- Experience writing script, regex or code in common languages.
- Ability to discuss Information Security concepts such as defense in depth
- At least three (3) years of experience with security in one or more public clouds
- Experience in at least one security domain such as Incident Response, Application Security, Infrastructure Security, Detection Engineering, Network Security, Cloud Security, Compliance, Governance, Cryptography, IAM, Privacy, Vulnerability Management, Risk Management, Threat Intelligence or Red Teams.
- Proficiency with security tools to include log centralization, cloud security posture management, CI/CD pipeline, vulnerability management.