Principal Consultant, PCI SSF | Remote US

United States, North America | April 1, 2023

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. And we’re growing fast.

We’re looking for a Principal Consultant, SSF (Software Security Framework Assessor) to support our PCI Assurance Services, Enterprise team.

Position Summary

In this role, you will conduct technical testing for payment applications. This opportunity provides access to the rapidly emerging market for IT Governance, Risk, and Compliance (IT GRC) management. For IT application validation assessments, your primary focus will be to validate technical controls for compliance with the Payment Card Industry (PCI) Payment Application & Secure Software framework standard. In this position, you will be one of the most senior IT auditors in the industry. You will be a key member of the solution validation team that works with various financial companies to advise them about application architecture, software security and software development.

The Principal is a highly technical “hands-on” expert who understands matrix/complex business operations, information technology and security. The Principal will work as part of a team assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks. This role will have an expert understanding of framework requirements, perform audit/assessments, and develop reports for clients. They have the ability to navigate & assess complex security systems that impact multiple infrastructure domains across client operations. They will work closely with Project Managers, Directors and other Delivery team members to effectively manage project timelines and deliverables.

What You'll Do

  • Perform technical solution testing across a wide variety of technologies, including penetration testing
  • Gather evidence through collaborative client interviews
  • Compare client documentation to current compliance guidelines
  • Prepare SSF (Software Security Framework) Reports on Validation and Compliance and/or author white papers
  • Leads audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews.  
  • Prepare, review and approve advisory or assessment reports.
  • Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets.
  • Ensures quality products and services are delivered on time per Coalfire quality standards.
  • Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue
  • Provide mentorship to team members in areas of audit, assessment, technical review and writing. 
  • Interfaces with clients through entire engagement, interacting with all levels of client organizations. Establish and maintain positive collaborative relationships with clients and stakeholders
  • Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.
  • Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
  • Establishes account relationships and identifies upsell and cross sell opportunities and escalates to sales.
  • Work collaboratively with a team of assessors as a compliance expert in at least one area of expertise and drive the planning of assessment for clients
  • Draft audit programs that sufficiently address both the required objectives of the certification body and the complexity of the client environment
  • Leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
  • Mentor junior members of the team and may provide training for new hires
  • Assess security vulnerabilities against the appropriate security frameworks
  • Pursues and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured
  • Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification
  • Assess client provided documentation for compliance with a variety of standards
  • Educate and interpret compliance activities for clients
  • Collaborates with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables.
  • Build professional and meaningful relationships while managing customer expectations and deliverables
  • Execute, examine, interview and test procedures in accordance with the appropriate control
  • Ensure cyber security policies are adhered to and that required controls are implemented
  • Validate respective information system security plans to ensure control requirements are met
  • Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
  • Provides advice to customers on issues affecting the scope of work in a manner that provides additional value
  • Develop documentation and author recommendations associated with your findings on how to improve the customer’s security posture in accordance with appropriate controls

What You'll Bring

  • Bachelor's degree (four-year college or university) in an IT-related field or equivalent combination of education and work experience
  • Seven or more (7+) years in IT security and/or application development
  • Have at least 1 certification for Information Security (CISSP, CISM, ISO 27001, CSSLP, CASE, GSSP-JAVA, GSSP-.NET, GWEB, CEH, OSCP, CompTIA PenTest+, GPEN)
  • Have at least 1 certification for Audits (CISA, GNSA, ISO 27001 Lead Auditor Internal Auditor, IRCA ISMS Auditor or higher, CIA)
  • Desire and ability to become SSF certified
  • Strong understanding of application security practices (such as OWASP Top 10) and/or application architecture
  • Excellent written and verbal communication skills
  • Ability to comfortably interact with senior management and clients in a consultative manner
  • Excellent customer service and project management skills
  • Experience with risk assessment and gap analysis
  • Experience in IT security audit and compliance
  • Experience developing software
  • Possess substantial information security knowledge and experience to conduct technically complex security assessments.
  • Possess a minimum of one year of experience in each of the following software development disciplines (experience may be acquired concurrently—for example, if the role involved experience in multiple disciplines at the same time): Software/Systems Design, Programming/Software Development, Software/Systems Testing
  • Possess a minimum of three years of experience in each of the following information security disciplines (experience may be acquired concurrently—for example, if the role involved experience in multiple disciplines at the same time): Security risk assessment, System/software security controls selection, Security architecture, Systems/software penetration testing, Threat and vulnerability detection and management, Incident detection and response, Cryptography and Key Management
  • A commitment to your profession demonstrated by participation in industry events, seminars, blogs, and memberships in professional associations
  • A desire to join some of the most capable and experienced cyber security professionals in the industry and contribute to the ongoing growth of our venture together

Bonus Points

  • Current or former PCI-QSA certification

Why You’ll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.

Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like flexible time off, certification and training reimbursement, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $104,000 to $179,600 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.
