PCI/QSA
Job Description:
AT&T Consulting Solutions is a wholly owned subsidiary of AT&T (a Fortune Global Top 10 company). AT&T is looking for an information security practitioner with some technical experience for the position of a Senior Consultant located in eastern New England to be a part of a dynamic team of experienced security professionals with varied experiences. Candidate must be willing to attend training to become a Payment Card Industry Qualified Security Assessor (PCI QSA). AT&T consulting clients range from some of the largest networks in the world to small businesses requiring security consulting expertise.
Job Duties:
Key functions of this role will be to work on security and privacy consulting engagements for our customers. Successful candidates will have demonstrated experience in security consulting and will have an understanding of the business-technology interface; they will be able to understand business environments/issues and have the ability to link them to technology at a high level. Experience with compliance assessments such as PCI-DSS and ISO 27002 is required. Technical security knowledge and experience will be given preference.
· Bachelor's degree in Computer Science or a related field; Master's degree preferred
· Information Security consulting experience of a minimum of four years
· Very good understanding of security operation & management in a large customer environment
· Must be a flexible team player, hard-working, and possess excellent communication and customer-facing skills
· Strong report writing skills and ability to explain complex security issues to customers in a formal presentation format
· Creativity in finding cost-effective remediation solutions acceptable to our clients
· Must be able to interact confidently with all levels of technical and management client teams
· One security certification such as CISSP, CISA, CISM, PCI QSA, CEH, SANS GSEC, etc., is required; willingness to pursue further certification preferred.
· PCI DSS experience preferred; you will be required to attend training and certification for PCI QSA
· Ability to travel 50%-75%, mostly within region; must possess a driver's license
Technical Skills
· Knowledge and experience with risk and compliance projects dealing with a variety of regulatory and voluntary compliance standards such as: PCI-DSS, ISO 27000 series, federal and state security and privacy regulations, HIPAA/HITECH, HiTrust, GLBA, SOX 404, etc.
· Strong technical problem / resolution skills
· Mid to advanced level infrastructure or security design capabilities for environments that include 10 to 20 security devices, processes or applications.
· Mid to advanced level systems administration (UNIX/Linux, Windows, or mainframe)
· Knowledge of different application architectures and platforms, their development challenges, their control configurations, and their inherent security strengths and weaknesses (e.g., ColdFusion, J2EE, .Net)
· Mid to advanced level network administration (firewalls, IDS/IPS, network architecture)
· Mid to advanced level methods knowledge of one or more of the following:
o Vulnerability scanning
o Penetration testing (network, system and application)
o Application development
o Policy development
o Forensics
o Security event monitoring
· Vendor certification or demonstrable in-depth technical expertise with at least three major security solutions
o Examples Only: Symantec, McAfee, VeriSign, Juniper, Check Point, Cisco, ArcSight, Tripwire, etc.
o Demonstrable experience includes being able to gather customer requirements, design a solution, specify a bill of materials, implement, tune/optimize, maintain or troubleshoot at an architecture component level for an existing solution
Additional Requirements
- Knowledge and experience with risk and compliance assessments
- Familiarity with retail information security challenges a plus
- Bilingual candidates a plus