Description
This is a CONTRACT engagement (C2C, W2). The project is scheduled to start April 1 and run for through September 30, 2015.RALEIGH/DURHAM AREA CANDIDATES ONLY PLEASE.JOB DESCRIPTION:
The contractor will help implement and monitor PCI environments using those best industry practices, IDS/IPS, SIEM, employee awareness training tools, anti-virus, utilization of network packet analyzers and related technologies in support of assessing and maintaining PCI-DSS compliance.The position is responsible for assisting information security analysts and application & service owners with PCI-DSS compliance tasks such evidence preparation, gathering and submission to the PCI-DSS assessor for annual compliance. The position provides input into the creation of hardening standards, researches security best practices and other industry security trends to use as input into the improvement of the Agency Information Security Program in addition specifically to PCI-DSS compliance. The position also participates in the information security incident management processes.This position may require some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
The candidate must be an experienced information security analyst possessing advanced experience with the following:
- 2+ years prior experience supporting, ideally leading, a Level 1 or Level 2 organization's PCI-DSS 2.0 compliance effort, working with ISA or QSA.
- Deep understanding of PCI-DSS 3.0 requirements.
- Analysis and review of security events until closure; this includes investigating and recommending appropriate corrective actions.
- Conducting internal vulnerability assessments and scheduling of third party external scans.
- Management and verification of user PCI security awareness & training.
- Hands-on implementation of security devices and applications to monitor and review network, Servers, and applications.
KNOWLEDGE, SKILLS, AND ABILITIES REQUIREMENTS:
- The candidate must be a skilled information security professional with advanced knowledge and direct experience developing and implementing information security policies, standards and procedures for large organizations. Three+ years of progressive experience in computing and information security, including specific experience with Internet technologies and related security issues is required.
- The candidate must have 2 years experience supporting & implementing security for a large organization assessed against PCI-DSS 2.0, and advanced familiarity with PCI-DSS 3.0. That organizational experience must be PCI-DSS Level 1 or Level 2.
- Knowledge of regulatory compliance including but not limited to: OWASP, ISO 27001 and NIST
- Two+ years experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, Security Information and Event Management (SIEM), Network Behavior Analysis tools, Antivirus, Network Packet Analyzers and malware analysis.
- Experience implementing and executing security incident response.
- BA or BS in Computer Science, Management Information Systems, or equivalent experience.
- Must have excellent communication skills (written and verbal) and have the ability to communicate with all levels of staff and management.
Preferred:
- Previous or current PCI QSA or ISA certification.
- CISSP, GIAC, CEH, Security+ and related security certifications.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin or disability.
Experience:
2+ years supporting/leading, a Level 1 or Level 2 orgs PCI-DSS 2.0 compliance effort, working with ISA or QSA. Deep understanding of PCI-DSS 3.0 requirements. PCI QSA or ISA cert preferred