PCI Qualified Security Assessor (QSA) Consultant

Danta Technologies
Ronkonkoma, United States of America
18 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 114K

Job location

Remote
Ronkonkoma, United States of America

Tech stack

Amazon Web Services (AWS)
Azure
Burp Suite
Cloud Computing
Computer Security
Information Systems
Factor Analysis
Network Monitoring
Open Web Application Security
PCI Data Security Standards
Systems Development Life Cycle
Traffic Analysis
Google Cloud Platform
Software Security
Operational Systems
Static Application Security Testing
Dynamic Application Security Testing

Job description

Client is seeking a highly experienced PCI Qualified Security Assessor (QSA) Consultant to lead and deliver end-to-end Payment Card Industry (PCI DSS) advisory, assessment, and validation services.

This role focuses on guiding clients through PCI DSS compliance journeys, conducting formal validations (RoC/Client), and providing strategic security advisory across GRC, application security, and cloud risk domains.

The ideal candidate will bring deep expertise in PCI DSS standards, audit execution, compliance strategy, and executive advisory, with the ability to translate regulatory requirements into actionable security and business outcomes., 1. PCI DSS Consulting & Assessment (Core Function)

  • Lead end-to-end PCI DSS compliance engagements, including:
  • Gap assessments and readiness assessments
  • Formal audits and validation activities
  • Conduct PCI DSS assessments and produce:
  • Reports on Compliance (RoC)
  • Attestations of Compliance (Client)
  • Advise clients on:
  • PCI DSS scoping and segmentation strategies
  • Compensating controls and requirement interpretation
  • Perform impact assessments for PCI DSS version upgrades, including:
  • Resource planning (people, tools, time)
  • Required architecture and system changes, 2. GRC & Security Framework Assessments
  • Conduct compliance and maturity assessments across frameworks such as:
  • PCI DSS (primary focus)
  • NIST (CSF, 800-53, 800-171)
  • ISO 27001 / 27002
  • HIPAA and other regulatory standards
  • Perform:
  • Security program evaluations
  • Control gap analysis and remediation roadmaps, + Black Box, Gray Box, and Crystal Box testing
  • SDLC maturity assessments aligned to OWASP SAMM
  • Conduct cloud risk assessments across:
  • AWS, Azure, and Google Cloud Platform
  • Evaluate:
  • Cloud configurations, identity controls, and data protection mechanisms, 4. Executive Advisory & Cyber Risk Quantification (Optional)
  • Operate as a Security Program Advisor / Executive Consultant, providing:
  • Strategic compliance roadmap guidance
  • Risk posture insights to senior leadership
  • Utilize frameworks such as:
  • FAIR (Factor Analysis of Information Risk) for financial risk quantification
  • Support board-level and C-suite communications, including:
  • Risk reports
  • Compliance status dashboards, 5. E-Discovery, Audit Support & Documentation
  • Support compliance and audit programs with:
  • Evidence collection and validation
  • Audit documentation and reporting
  • Develop:
  • Policies, standards, and procedures aligned with PCI DSS and GRC frameworks
  • Deliver high-quality audit artifacts and technical reports, 6. Operational Technology (OT) & Specialized Assessments (Optional)
  • Conduct security assessments in OT/ICS environments, including:
  • Passive network monitoring and traffic analysis
  • Non-intrusive evaluation of control systems and networks

Requirements

Proven experience as a PCI QSA (Qualified Security Assessor)

Must Have Strong working knowledge of: PCI DSS requirements (v3.x and v4.0) documentation

Good to have Security audits and compliance assessments Risk management frameworks and control mapping

Certifications PCI QSA CISA CRISC

Min to Max Experience needed 8 to 12 years of experience, Core PCI Expertise

  • Proven experience as a PCI QSA (Qualified Security Assessor)
  • Strong working knowledge of:
  • PCI DSS requirements (v3.x and v4.0)
  • Cardholder Data Environment (CDE) scoping and segmentation
  • Experience producing:
  • RoC and Client documentation

GRC & Compliance Skills

  • Hands-on experience with:
  • Security audits and compliance assessments
  • Risk management frameworks and control mapping
  • Familiarity with:
  • NIST, ISO 27001, HIPAA, and industry-specific standards, + SAST/DAST testing methodologies
  • Secure SDLC governance
  • Exposure to:
  • Cloud platforms (AWS, Azure, Google Cloud Platform)
  • Cloud compliance frameworks and risk models, + App security tools (e.g., Burp Suite or equivalent)
  • Compliance and audit management tools
  • Risk quantification models (FAIR or similar), * PCI QSA certification (Required)
  • Preferred:
  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • Additional cloud or security certifications are a plus, * Strong stakeholder engagement with CISO, CIO, and board-level stakeholders
  • Ability to translate regulatory requirements into business-aligned outcomes
  • Strong technical writing and audit report development skills
  • Excellent communication and presentation skills
  • High attention to detail and structured problem-solving approach, * Quality and defensibility of audit outputs
  • Client satisfaction and repeat advisory engagements
  • Ability to drive measurable compliance posture improvements

Benefits & conditions

Benefits: Danta offers a compensation package to all W2 employees that are competitive in the industry. It consists of competitive pay, the option to elect healthcare insurance (Dental, Medical, Vision), Major holidays and Paid sick leave as per state law.

The rate/ Salary range is dependent on numerous factors including Qualification, Experience and Location.

Apply for this position