Our client is a team of technology and strategic services enablers serving the retail community.

Successful applicants for this position will have experience and expertise within a fast-moving Agile organization supporting:

  • The management of annual and quarterly assessments to protect customers' sensitive payment data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). The specialist shall be responsible for producing all required network diagrams and credit card data flows related to clients’ credit card processing environment. S/he will complete the required network documentation to fulfill PCI DSS compliance requirements
  • Overall corporate security, ensuring that its security systems are working smoothly to reduce the company’s operational risks. S/he will conduct employee security awareness training, develop secure business and communication practices, and enforce adherence to security practices


  • Create the initial framework to collect and document the current PCI technical environment
  • Develop processes for real time updating of the PCI environment triggered by ongoing technical changes
  • Oversee continuous security assessment of network, infrastructure and applications
  • Maintain accurate records of audit and compliance findings and observations, management responses, response due dates, and corrective action plans
  • Assess controls related to: application processes, physical and logical security, systems acquisition and development, system and network infrastructure, change management, computer operations, and production support
  • Plan and execute multiple IT audits, including reviews of cyber security, internal applications, systems currently being developed, technology infrastructure and specialized or emerging technologies
  • Execute, review and remediate all PCI firewall scans to ensure compliance with PCI DSS 3.2 and above


  • Bachelor’s degree in CS, engineering, software engineering, or related field
  • 5+ years of IT experience, including 2 to 5 years in a systems security role with vulnerability scanning experience
  • Demonstrated ability to create network diagram maps, develop QAPPS and build runbooks to support PCI compliance documentation requirements
  • Must also understand network architecture (layers 2 and 3), firewall rules and PCI segmentation
  • Up-to-date on latest industry trends within cyber security; able to articulate trends and potential opportunities confidently
  • Possess strong client service skills, necessary for interacting with various levels of IT staff, including executive leadership
  • Ready to work in a dynamic environment and support a large complex computer network
  • Able to multitask, prioritize, manage time efficiently, and be well versed with current security trends

Required Technical and Professional Expertise

  • Familiarity with PCI, PHI, PII, SOX regulatory requirements
  • Familiarity with Unix-like and Windows operating systems
  • Experience applying regulatory requirements within the context of vulnerability management
  • Web application scanning experience (DAST and SAST)
  • Knowledge of vulnerabilities associated with the OWASP
  • Experience with application security testing techniques such as fuzzing, penetration testing and code scanning, ideally with both static (SAST) and dynamic (DAST) tools for client-server, web, mobile, and cloud applications
  • Experience enabling automation for a vulnerability scanning program
  • 3+ years of scripting experience
  • Ability to analyze data using Excel including use of Excel macros / scripts; some development experience is preferable
  • CISM, CISA or CISSP certification (any or combined)
  • Maintain day-to-day tasks including information security risk management and administration of projects
  • Follow all best practices and procedures as established by the company

Desired Skills and Professional Experience

  • Must have strong interpersonal, planning, facilitation, negotiating, and organizational skills
  • Able to identify risks and issues and recommend appropriate mitigation plans
  • Can deal with changing priorities and meet tight timelines in a matrix environment. Can work under pressure, manage competing priorities and work independently with minimal oversight
  • Not afraid to be inquisitive and willing to challenge the status quo
  • Self-motivated and energized to work with highly diversified business and technical teams (incl. offshore partners)
  • Excellent verbal and written communication skills, with the ability to communicate actively, openly and effectively with a variety of audiences (business and technical). Ability to communicate complicated security concepts to technical and nontechnical employees
  • Be a proven contributor in a team environment
  • Knowledge of ITIL, SDLC, NIST 800-503, Agile and Project Management methodologies



Job Type
Full-Time Regular

Information Technology
