Brightwell

About the Company

Brightwell is an Atlanta-based financial technology company that provides financial services, including cross-border payments, complex international refunds, and payroll services to more than 300K global workers from over 140 different countries. Brightwell's mobile-first platform and suite of financial tools simplifies B2C and P2P payments and personal finances.

Now you can do business with anyone, anywhere in the world.

Listed Jobs

Company Name

Brightwell

Job Title

Information Security Engineer

Job Description

**Job Title** Information Security Engineer **Role Summary** Lead and execute the SOC 2 Type II and PCI DSS compliance programs while conducting hands‑on security engineering for Azure‑based applications and infrastructure. Balance compliance program management with threat modeling, penetration testing, vulnerability management, and incident response. **Expectations** - 50 % of time on SOC 2/PCI compliance execution, including control design, audit coordination, documentation, and liaison with external auditors. - 50 % of time on application and infrastructure security: threat modeling, code review, Azure security configuration, tool management, CI/CD integration, and incident response. - Work independently as a security SME and collaborate closely with legal and compliance leadership. **Key Responsibilities** - Own SOC 2 Type II program: design controls, prepare audit evidence, manage control narratives, and coordinate with external auditors. - Manage PCI DSS compliance: oversee vulnerability scans, penetration testing, and maintain PCI‑specific policies. - Conduct threat modeling and security assessments of Azure applications and APIs; perform code reviews for authentication, authorization, and data protection. - Design, validate, and implement Azure security controls (NSGs, firewalls, Azure AD/Entra ID, Key Vault) and maintain documentation (network diagrams, system architecture). - Operate and optimize security tooling (endpoint protection, SIEM, vulnerability scanners, automated testing platforms). - Investigate incidents, perform root‑cause analysis, and implement remediation. - Integrate security into CI/CD pipelines in partnership with DevOps. - Evaluate new security and automation technologies; provide security training and guidance. **Required Skills** - Proven SOC 2 Type II and PCI DSS program management experience. - Advanced penetration testing and vulnerability assessment skills. - Strong Azure security knowledge: NSGs, Azure AD/Entra ID, Key Vault, Security Center. - Experience with SIEM, endpoint protection, vulnerability scanners, and automated testing tools. - Ability to analyze and respond to security incidents. - Excellent written and verbal communication for technical and non‑technical audiences. - Independent problem‑solving and subject‑matter expertise in information security. **Required Education & Certifications** - Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). - Minimum 7 years of hands‑on information security experience, preferably in highly regulated or financial services environments. - Preferred certifications: CISSP, OSCP, CEH, GIAC, or Azure Security Engineer Associate, though not mandatory.

Atlanta, United states

On site

Senior

20-02-2026

Company Name

Brightwell

Job Title

Cybersecurity Engineer

Job Description

Job title: Cybersecurity Engineer Role Summary: Senior engineer responsible for managing SOC2 Type II and PCI DSS compliance programs while conducting threat modeling, penetration testing, and incident response on Azure-based applications and infrastructure; serves as the primary technical liaison with auditors, CCO, and GC. Expactations: • 7+ years of hands‑on security experience in financial or highly regulated environments • Proven leadership of SOC2 Type II and PCI DSS program ownership, including control design, policy development, and audit coordination • Strong technical skills in penetration testing, vulnerability assessment, code review (auth/authz, data protection), and Azure security (NSGs, Azure AD/Entra ID, Key Vault, Security Center) • Experience managing SIEM, endpoint protection, vulnerability scanners, and integrating security into CI/CD pipelines • Independent subject‑matter expert with excellent written and verbal communication; able to explain complex security concepts to both technical and non‑technical stakeholders • Analytical incident‑response capabilities with root‑cause analysis and preventive controls • Preferred, but not required, credentials: CISSP, OSCP, CEH, GIAC, or Azure Security certifications. Key Responsibilities: • Own SOC2 Type II program execution: control design, audit prep, evidence collection, and liaison with external auditors. • Develop and maintain security policies, procedures, and control narratives aligned with SOC2 Trust Services Criteria and PCI DSS. • Lead risk assessments and internal control testing; produce technical documentation (diagrams, architecture, data flows). • Manage PCI vulnerability scans and penetration testing; coordinate remediation with development and infrastructure teams. • Conduct threat modeling, security assessments, and code reviews for Azure‑based apps and APIs; validate and design network, identity, and data protection controls. • Operate and optimize security tooling (endpoint protection, SIEM, vulnerability scanners, automated testing). • Investigate and respond to security incidents, performing root‑cause analysis and recommending preventive measures. • Partner with DevOps to embed security into CI/CD pipelines and evaluate new security automation technologies. • Provide security training and guidance to foster a secure culture. Required Skills: • SOC2 Type II, PCI DSS compliance program management. • Azure security architecture (NSGs, Azure AD/Entra ID, Key Vault, Security Center). • Penetration testing, vulnerability assessment, and secure code review. • SIEM, endpoint protection, vulnerability scanning, and automated testing platforms. • Incident‑response and root‑cause analysis. • Strong written and oral communication; stakeholder engagement. • Independent decision‑making as a subject‑matter expert. Required Education & Certifications: • Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). • Preferred certifications: CISSP, OSCP, CEH, GIAC, Azure Security, etc.

Atlanta, United states

On site

Senior

19-02-2026