[Hiring] Security Engineer @AudienceView

Role Description

You are passionate about cybersecurity and understand the critical importance of PCI DSS compliance in a fast-moving business. You are curious about the security implications of AI and LLM adoption and want to help shape how the organization deploys these technologies safely. You thrive in a collaborative, fast-paced setting where you balance security responsibilities with enabling the business to move quickly. You can communicate complex security and compliance topics clearly to both technical and non-technical stakeholders, including auditors and assessors. You enjoy mentoring peers and contributing to a strong security culture across the organization.

What you’ll do:

• Support and maintain Audienceview’s PCI DSS compliance program, including scoping exercises, gap assessments, evidence collection, and coordination with QSAs during annual audits.
• Plan and execute penetration tests against internal and external systems, web applications, and APIs - documenting findings and working with engineering teams to drive remediation.
• Perform application security assessments and code reviews to identify vulnerabilities across Audienceview’s software portfolio.
• Evaluate and secure AI and LLM integrations.
• Incident response - Monitor, detect, and respond to security events and incidents. Be open to flexible working hours to support Incident response.
• Perform vulnerability assessments and risk analyses to manage security gaps.
• Design, implement, and maintain security controls, policies, and procedures aligned with Industry and regulatory frameworks.
• Conduct security reviews of system architectures, network configurations, and application deployments - ensuring PCI DSS requirements are addressed from design through production.
• Collaborate with Engineering teams to embed security and compliance requirements into the SDLC.
• Investigate and triage security alerts, perform root cause analysis, and document findings for both operational and compliance purposes.

Qualifications

• Demonstrated penetration testing experience, including network, web application, and API testing using industry-standard tools (e.g., Burp Suite, Metasploit, Nmap, OWASP ZAP).
• Software development or secure code review experience - able to read, analyze, and identify security flaws in application source code.
• Strong understanding of PCI DSS requirements (v4.0+) and experience supporting PCI DSS audits.
• Experience with cloud security in AWS or Azure environments.
• Knowledge of OWASP Top 10, common application vulnerabilities, and secure coding practices.
• Knowledge of identity and access management (IAM), multi-factor authentication, and zero-trust principles.
• Understanding of vulnerability management lifecycle, patch management processes, and compensating controls.
• Knowledge of common attack vectors, MITRE ATT&CK framework, and threat intelligence practices.
• Familiarity with one or more of the following languages: Java, JavaScript, C++, Clojure, .NET, or Classic ASP.
• Solid grasp of operating systems security (Windows, Linux, macOS).

Nice to Have

• Awareness of AI security risks, familiarity with MCP (Model Context Protocol) and experience securing AI agent-to-tool integrations.
• Proficiency with SIEM (Security Information and Event Management) platforms & EDR (Endpoint Detection and Response) solutions.
• Familiarity with scripting and automation (Python, PowerShell, Bash) for security operations and compliance evidence collection.
• Experience with endpoint security & DLP (Data Loss Prevention).
• Experience with containerization and Kubernetes security.
• Experience with SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools.
• Background in red team or purple team exercises.
• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field - or equivalent practical experience.
• Certifications (one or more preferred): PCIP, PCI-QSP, OSCP, CISSP, CRISC, CISA CEH, AWS, Azure.
• Any other industry-recognized cybersecurity or AI security certification.
• 5+ years of hands-on experience in information security, cybersecurity operations, or a related systems security role.
• Excellent communication skills in English.

Benefits

• We’re a global leader in live events technology.
• We’re passionate about live entertainment.
• We have amazing clients, including sports, live music, and performing arts organizations.
• Our employees love us, offering excellent benefits, competitive salaries, flexible hours, remote work opportunities, and more!
• We're a remote-first company, allowing flexibility to work anywhere in Canada, the USA, UK, and Chile.
• Diversity and inclusion are paramount to building our culture.
• Flexible work schedule: Employees can take off alternating Fridays by condensing their two-week schedule into 9 days.
• Flexible, uncapped vacation and sick policy.

Important Hiring Notice

AudienceView only extends job offers after direct conversations with both the hiring manager and HR via Microsoft Teams. We do not make offers via text or without a formal interview. If you receive a suspicious message, please disregard it. This position is for an existing vacancy on our team, and we’re excited to find the right person to join us. We value clear communication, so if you interview with us, you’ll hear back about our decision within 45 days of your final interview. For compliance and transparency, we securely keep job postings and application details for up to three years after the posting closes.