Senior PCI Engineer
Sorry, this job was removed at 10:30 p.m. (EST) on Thursday, March 8, 2018
We're looking for a former PCI-QSA or equivalent. Someone who can verify that a firewall was properly installed. Someone who can confirm whether a policy was implemented. Someone who knows where to look for stored cardholder data in a database. Someone who knows how to appropriately define scope. Very little hand-holding is offered in this position; we need someone who can hit the ground running and who has a solid professional demeanor.
Duties
- Conducts internal PCI compliance assessments, gap analyses, and actionable recommendations for remediation
- Provides accurate, complete and timely written documentation for all project phases including pre-project planning, on-going status reports, and project deliverables including technical issues and associated business risks, account management team interaction, and project wrap-up reports
- Communicates with project stakeholders to effectively convey requirements of technical and process improvements.
- Develops customized policies, procedures and controls and technical documentation for applications, systems and infrastructure.
- Possesses an in-depth knowledge of IT security and various frameworks (e.g., CobiT, NIST, ISO, etc.).
- Experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.
Requirements:
- Technical skills in assessing servers (*NIX and Windows), firewalls, and other security platforms for PCI DSS controls required
- Mid to advanced level methods knowledge of the following:
- Vulnerability scanning
- Penetration testing (network, system and application)
- Application development
- Policy development
- Forensics
- Security event monitoring
- Compliance: regulatory, privacy, international laws and statutory requirements.
- Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies.
- Governance: vendor management, policy frameworks, control design and security design/architecture.
- Security architecture: infrastructure, network and systems design with CEH
- Knowledge of and hands-on experience with PCI audits and PCI attestations.
Abilities
- Communicate effectively across business and technical boundaries.
- Work independently without detailed guidance.
- Be proficient in writing executive level reports and technical documentation.
Education and Experience
- Ideally a former QSA (last 3 years) and hold CISSP and CEH
- At least one other Security, Risk or IT certification (i.e. CobiT, CRISC, CISA, CISM, or ISO 27001) achieved.
- Bachelor’s Degree from an accredited 4-year university.
- Minimum 10 years of experience in the Cyber Security, Information Assurance, Enterprise Risk or Compliance field.