[Remote] PCI Compliance Analyst - Consultant
Note: This is a remote job open to candidates in the USA. Dice is seeking a PCI Compliance Analyst - Consultant for a 100% remote position. The role involves providing staff augmentation for PCI ASV Analyst consulting, assisting in the development and maintenance of the company's PCI DSS compliance program, and collaborating with cross-functional teams to ensure adherence to PCI DSS requirements.
Responsibilities
- Must have 5+ years of experience in security or compliance consulting or advisory work in support of a highly technical environment
- Must have 5+ years of experience in performing and/or participating in technical assessments in direct support of PCI DSS standardization
- Analyze and validate client-submitted PCI ASV scans for attestation, ensuring all reviews are conducted with a high degree of accuracy and adherence to PCI DSS standards
- Conduct in-depth analysis of customer-submitted scan disputes by reviewing required evidence, performing independent verification, and recreating scenarios in a lab environment to ensure a fair and compliant resolution
- Serve as a trusted advisor by guiding customers through the PCI ASV scan submission process to help them achieve their compliance objectives
- Proficiency with network fingerprinting (e.g., Nmap) and web application scanning tools
- Familiarity with browser dev tools and cURL
- Familiarity with Vulnerability Management Scanners/Products
- Ability to interpret CVEs and explain vulnerability exploitation to diverse audiences
- Collaborate with Technical Support Engineers, providing expert guidance to ensure PCI-related inquiries are handled with accuracy and client success in mind
- Maintain all required PCI ASV certifications and CPE hours, upholding the professional practice standards of the role
- Resolve escalated customer issues by troubleshooting complex technical findings and making decisions on optimal solutions
Skills
- Must have 5+ years of experience in security or compliance consulting or advisory work in support of a highly technical environment
- Specialized experience that includes a minimum of one (1) year in vulnerability scanning and/or penetration testing and at least two (2) years in any two of the following areas: Network security, Application security, System security, IT security auditing, or IT security risk assessment
- Must have 5+ years of experience in performing and/or participating in technical assessments in direct support of PCI DSS standardization
- Analyze and validate client-submitted PCI ASV scans for attestation, ensuring all reviews are conducted with a high degree of accuracy and adherence to PCI DSS standards
- Conduct in-depth analysis of customer-submitted scan disputes by reviewing required evidence, performing independent verification, and recreating scenarios in a lab environment to ensure a fair and compliant resolution
- Serve as a trusted advisor by guiding customers through the PCI ASV scan submission process to help them achieve their compliance objectives
- Proficiency with network fingerprinting (e.g., Nmap) and web application scanning tools
- Familiarity with browser dev tools and cURL
- Familiarity with Vulnerability Management Scanners/Products
- Ability to interpret CVEs and explain vulnerability exploitation to diverse audiences
- Collaborate with Technical Support Engineers, providing expert guidance to ensure PCI-related inquiries are handled with accuracy and client success in mind
- Maintain all required PCI ASV certifications and CPE hours, upholding the professional practice standards of the role
- Resolve escalated customer issues by troubleshooting complex technical findings and making decisions on optimal solutions
- Professional certification (CISSP, CISA, CISM, CIA or similar) is highly desired
Company Overview