Senior Consultant, PCI SSF

What You'll Do

• Leads audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews.  
• Perform technical solution testing across a wide variety of technologies, including penetration testing of the application.
• Prepare SSF (Software Security Framework) Reports on Validation and Compliance and/or authoring white papers.
• Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets.
• Ensures quality products and services are delivered on time per Coalfire quality standards.
• Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue.
• Interfaces with clients through entire engagement, interacting with all levels of client organizations. Establish and maintain positive collaborative relationships with clients and stakeholders.
• Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales.
• Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification.
• Travel 20%.
• Ability to be successful when working remotely.

What You'll Bring

• Five or more (5+) years in IT security and/or application development.
• Possess a minimum of one year of experience in each of the following software development disciplines (experience may be acquired concurrently—for example, if the role involved experience in multiple disciplines at the same time): Software/Systems Design, Programming/Software Development, Software/Systems Testing.
• Possess a minimum of three years of experience in each of the following information security disciplines (experience may be acquired concurrently—for example, if the role involved experience in multiple disciplines at the same time): Security risk assessment, System/software security controls selection, Security architecture, Systems/software penetration testing, Threat and vulnerability detection and management, Incident detection and response, Cryptography and Key Management.
• One of the following Information security certifications required: CISSP, CISM, ISO 27001 Lead Implementer.
• One of the following Audit certifications required: CISA, GNSA, ISO 27001 Lead Auditor, Internal Auditor, IRCA ISMS Auditor or higher, CIA.
• One of the following Software Development certifications required (or ability to obtain one quickly): CSSLP, CASE, GSSP-JAVA, GSSP-.NET, GWEB, CEH, OSCP, CompTIA PenTest+, GPEN.
• Desire and ability to become SSF certified.
• Bachelor’s degree (four-year college or university) or equivalent combination of education and work experience.
• Strong understanding of application security practices (such as OWASP Top 10) and/or application architecture.
• Experience in IT security audit and compliance, risk assessments and gap analysis.
• Possess substantial information security knowledge and experience to conduct technically complex security assessments.
• A commitment to your profession demonstrated by participation in industry events, seminars, blogs, and memberships in professional associations.
• A desire to join some of the most capable and experienced cyber security professionals in the industry and contribute to the ongoing growth of our venture together.
• Excellent written and verbal communication skills.
• Ability to facilitate meetings of small or large groups.
• Excellent customer service and project management skills.
• Ability to prioritize and manage multiple initiatives/projects.
• Ability to be self-driven and have strong independent initiative.
• Strong Consulting skills with executive leadership and technical professionals; ability to advise and challenge the status quo while building strong relationships.

Bonus Points

• Current or former PCI-QSA certification.