Ask IT Consulting Inc, backed by a $500 million Microtek group company, provides an industry-leading blend of technology, business consulting, and outsourcing services. Ask IT is a minority-owned enterprise founded on providing the highest possible quality and on devotion to customer satisfaction. Ask IT Consulting is an equal opportunity employer and a global staffing, consulting and technology solutions company, offering industry-specific solutions to Fortune 500 clients and worldwide corporations.
Contract resource with a senior Information Security Analyst skillset, with a focus on PCI-DSS, for agency PCI-DSS compliance assessment support throughout the year and for annual QSA engagement coordination.
Complete Description:
The Department of Transportation is seeking a short-term contractor to implement and maintain information security best practices within the NCDOT environment related to assessing and maintaining PCI-DSS compliance for NCDOT. The contractor will help implement and monitor PCI environments using those industry best practices, IDS/IPS, SIEM, employee awareness training tools and related technologies in support of assessing and maintaining PCI-DSS compliance.
The position is responsible for assisting information security analysts and application & service owners with PCI-DSS compliance tasks such as evidence preparation, gathering and submission to the PCI-DSS assessor for annual compliance. The position provides input into the creation of hardening standards and researches security best practices and other industry security trends to use as input into the improvement of the agency information security program, in addition to PCI-DSS compliance specifically. The position also participates in the information security incident management processes.
The candidate must be an experienced information security analyst possessing advanced experience with the following:
2+ years prior experience supporting, ideally leading, a Level 1 or Level 2 organization's PCI-DSS compliance effort, working with ISA or QSA.
Deep understanding of PCI-DSS 3.0/3.1 and preceding version requirements.
Analysis and review of security events until closure; this includes investigating and recommending appropriate corrective actions.
Conducting internal vulnerability assessments and scheduling of third party external scans.
Management and verification of user PCI security awareness & training.
Hands-on implementation of security devices and applications to monitor and review network, servers, and applications.
Skilled information security professional with advanced knowledge & experience developing and implementing PCI policies, standards and procedures.
Experience supporting, maintaining & implementing security for a large organization assessed against PCI-DSS at Level 1 or 2
Advanced experience with security technologies including IDS/IPS, firewalls, SIEM, network analysis tools, malware analysis
Advanced knowledge of security standards and frameworks including but not limited to: OWASP, ISO 27001 and NIST
Experience implementing and executing security incident response
BA or BS in Computer Science, Management Information Systems, or equivalent experience
Must have excellent communication skills (written and verbal) and have the ability to communicate with all levels of staff and management
Previous or current PCI QSA or ISA certification.
CISSP, GIAC, CEH, Security+ or related security certifications
If you are interested in finding out more about opportunities near you, please email me at ryanaskitc.com