Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.

As our Vulnerability Management Analyst you will evaluate, test, recommend, develop, coordinate, monitor, and maintain information security policies, procedures and systems, including hardware, firmware and software . You will ensure that IS security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IS standards and overall IS security . Identify security risks and exposures, determine the cause of security violations and suggest procedures to halt future incidents. Investigate and resolve security incidents and recommend enhancements to improve security. Develop techniques and procedures for conducting IS security risk assessments and compliance audits, the evaluation and testing of hardware, firmware and software for possible impact on system security, and the investigation and resolution of security incidents.

Vulnerability Management:

• Maintain vulnerability scan solutions enterprise wide.
• Perform vulnerability scans across the enterprise for all supported initiatives (BAU, ASV, ATO, AdHoc, GoldImage).

EVM department ticketing system JIRA:

• Incorporate jira into your workday. It is your responsibility to review the department's ticket queue throughout the day for new tickets in the todo column.
• Todo tickets should be worked from oldest to newest and before working a ticket ensure you have assigned the ticket to yourself.
• New tickets should be assigned within 72 hours and all assigned tickets should be updated weekly at a minimum.
• ATO & AdHoc tickets should be completed within 72 hours of assignment date.
• If a ticket is moved to block status because you can no longer work on it, then you are to notify your leader and move to another task.
• If you can not meet the deadline or it will be delayed you must communicate this with your leader and the ticket owner to make them aware of the delays.

Documentation:

• Maintain department documentation of vulnerability scanning processes, systems, workflows etc for all we build including configurations: example: EVM SC6 scan zone documentation.

Collaboration and Training:

• Work closely with cross-functional teams, including operations (NOC, SOC), and compliance (GRC, Internal Audit) to align vulnerability management with business objectives.
• Identify personal gaps in training and notify leadership where you need assistance as part of your 4 talks. For instance if you are working on a new system you don’t know and need more training say so and we will do the best to provide it.

Security Audits and Compliance:

• Support our efforts in security audits if needed, helping organizations achieve compliance with regulatory frameworks (e.g., PCI DSS, HIPAA, GDPR).
• Ensure systems meet security standards by identifying gaps and proposing solutions to align with best practices.

Research and Development:

• Stay current with the latest vulnerabilities, exploits, and security trends.

Reporting and Documentation:

• Generate detailed, accurate, and clear reports that describe findings, risks, and remediation recommendations to both technical and non-technical stakeholders.
• Maintaining of Login Credentials:
• You must maintain all your login credentials across business and segments we work by logging in at least monthly to all personal credentials.
• Secrets and Service accounts should be stored in a secure vault

Technical Skills required for the job:

Programming Languages:

• Proficiency in languages commonly used for automation, such as Python, PowerShell, or Bash. If you need more help, or struggle with the languages being used on a project let your leadership know so we can assist.

Security Tools and Technologies:

• Familiarity with scanning tools (e.g., Tenable Nessus, SC, IO, Qualys, Agents(Tenable/Qualys)
• Familiarity with Linux and Windows operating systems and their commands.
• Understanding of APIs and how they work.

Networking and System Administration:

• Understanding of network protocols, systems administration, and security best practices.
• Understanding of different ports used by different apps

Soft Skills required for the job:

Client Interaction and Engagement:

• Communicate with clients to understand their security needs, manage expectations, and provide regular updates on assessment progress.
• Provide consultation on remediation efforts.

Critical Thinking:

• Employ critical thinking while conducting vulnerability research, remediation, and false positive efforts.

Due Diligence/Care:

• Practice due diligence and due care in everything you undertake.

Cross-functional Collaboration:

• Work closely with operations (NOC, SOC) and network & security engineering to ensure business continuity, rapid response to outages, security incidents and network topology changes.
• Support incident response teams during active investigations, providing expertise in vulnerability management; scan coverage, scan methods, criticality, exploitability.

Adaptability:

• Willingness to learn and adapt to new tools, technologies, and methodologies as the cybersecurity landscape evolves. Ability to pivot to new tasks as needed to solve critical issues impacting applications during testing or gaps identified during tests

At Global Payments our vision is to be “Champions of Inclusion.” We are fully committed and focused on creating a better tomorrow in the communities in which we live and work. We aspire to ensure fair treatment, access, opportunity and advancement for all team members. We believe all team members should be able to bring their true, authentic selves to the workplace and feel accepted, engaged and understood.

Global Payments offers a comprehensive benefits package to all of our team members, including medical, dental and vision care, EAP programs, paid time off, recognition programs, retirement and investment options, charitable gift matching programs, and worldwide days of service. To learn more, review our Benefits page at: https://jobs.globalpayments.com/en/why-global-payments/benefits/

Applicants MUST be authorized to work in the U.S. We are unable to sponsor or take over Sponsorship of an Employment and/or Student Visa at this time or any time in the near future for sponsorship.

Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact jobs@globalpay.com.