Security Engineer (DevSecOps)

Overview

Join to apply for the

Security Engineer (DevSecOps)

role at

Contour Software . About Contour : Contour Software has grown from a dozen people to over 2,000 staff across 3 cities, in less than 14 years. As a subsidiary of Constellation Software Inc., we are part of a global enterprise software conglomerate with a broad portfolio and international reach. Contour employees, located in Karachi, Lahore & Islamabad, serve CSI divisions across time zones worldwide. About The Role : Constellation Payment Processing is a modern PayFac platform on AWS. We are building a cloud-native PayFac platform with microservices across TypeScript / JavaScript, Java, and Ruby, with a ReactJS front end. As our Security Engineer, you’ll co-own the DevSecOps program—driving continuous security automation, compliance automation, and penetration testing. You’ll design and orchestrate SAST / SCA / DAST across services, champion remediation practices, and partner with our compliance team to translate control objectives into repeatable, automated evidence. Our customers are ISV vendors who embed payments by integrating with our APIs, SDKs, and webhooks. Security and compliance are product features. You’ll ensure our developer-facing surface area is secure by default, establishing standards for authentication and authorization (OIDC / OAuth2 / JWT, mTLS / JWS for webhooks), key and secret management, request signing, idempotency, rate-limiting / abuse controls, and secure data handling that minimizes PCI scope for ISVs. You’ll create secure integration patterns (reference apps, checklists, threat models / DFDs) so partners can implement quickly without compromising controls. You’ll harden isolation boundaries, lead supply-chain security, and build continuous evidence for PCI DSS 4.0 (and SOC 2 / ISO as needed). You’ll collaborate with partner security and compliance teams on due-diligence requests and own pre-launch security reviews for new ISV integrations. You’ll help run incident response drills and define partner-facing communications and SLAs for security events. Finally, you’ll research and implement AI-assisted security with guardrails, and own KPIs that demonstrate multiplier effects—reduced MTTR, lower false-positive rates, higher auto-triage coverage, and faster time-to-evidence.

#J-18808-Ljbffr