Job Description:
DISYS is seeking an experienced Security Analyst to help support our client in the Bellevue area.
The Security Analyst will own the processes to validate the coverage and configuration of the core security solutions required by the PCI DSS. This position will advise on proposed security tool and process changes that could impact PCI DSS compliance, determine and monitor the scope and scale of security testing and tools that support PCI DSS compliance, ensure that security and technology teams have prepared appropriate evidence for the annual PCI DSS assessment, and monitor the progress of any follow-up activities for the following areas:

  • Penetration Testing
  • Vulnerability Scanning
  • Anti-virus and Malware
  • Application Code Scanning
  • Configuration Management
  • File Integrity Monitoring
  • Multi-Factor Authentication
  • Encryption and Key Management

Primary Duties and Responsibilities:

  • Supporting the completion of the annual PCI DSS Report on Compliance
  • Managing and communicating key compliance milestones for critical systems and complex processes
  • Working with security operations, application support, and architecture teams to ensure the PCI DSS compliance of complex branded payment acceptance and payment card servicing processes
  • Scoping both application and network vulnerability tests and penetration tests
  • Interpreting and prioritizing both application and network vulnerability test and penetration test results
  • Facilitating, tracking, and reporting on vulnerability scanning and penetration testing remediation activities
  • Coordinating with various system owners to ensure that remediation activities are being conducted in a timely manner and associated evidence is retained for PCI compliance
  • Driving necessary system and process updates based on testing and assessment results
  • Facilitating interaction between technology teams and T-Mobile's PCI DSS Qualified Security Assessor
  • Working closely with cross-functional teams and developing strong liaison relationships
  • Staying current with new and evolving security topics and technologies via formal training and self-directed education
  • Creating written documentation related to the compliance procedures for the compliance lifecycle
  • Willingly sharing knowledge and experiences with less experienced staff to help grow the team through training and mentoring

Required Skills / Competencies:

  • 5-10 years IT security or IT security infrastructure experience
  • Able to scope, interpret, and prioritize both application and network vulnerability test results
  • Experience with project management (planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives)
  • Ability to identify problems, analyze data and present conclusions effectively
  • Strong verbal, written and presentation skills
  • Intermediate knowledge of all requirements of the PCI DSS v3.x, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands
  • Intermediate knowledge of three or more of the following technical areas: network segmentation, encryption and key management, tokenization, anti-virus and malware, secure system development, vulnerability management, penetration testing, and file integrity monitoring
  • Experience with penetration testing or vulnerability management preferred
  • Industry Certifications (PCI QSA/ISA/PCIP or CISSP/CISM/CRISC/CEH) preferred

Top three skillsets:
1) General knowledge of risk, compliance and controls, especially creating new controls.
2) Excellent organizational, written, verbal and interpersonal skills.
3) Ability to grasp concepts and work with minimal supervision.

