Job Description:
Information Security Analyst

Bellevue, WA

9+ months



The Security Analyst will own the processes to validate the coverage and configuration of the core security solutions required by the PCI DSS.
This position will advise on proposed security tool and process changes that could impact PCI DSS compliance, determine and monitor the scope and scale of security testing and tools that support PCI DSS compliance, ensure that security and technology teams have prepared appropriate evidence for the annual PCI DSS assessment, and monitor the progress of any follow-up activities for the following areas:

Penetration Testing
Vulnerability Scanning
Anti-virus and Malware
Application Code Scanning
Configuration Management
File Integrity Monitoring
Multi-Factor Authentication
Encryption and Key Management

Primary Duties and Responsibilities:

Supporting the completion of the annual PCI DSS Report on Compliance
Managing and communicating key compliance milestones for critical systems and complex processes
Working with security operations, application support, and architecture teams to ensure the PCI DSS compliance of complex branded payment acceptance and payment card servicing processes
Scoping both application and network vulnerability tests and penetration tests
Interpreting and prioritizing both application and network vulnerability test and penetration test results
Facilitating, tracking, and reporting on vulnerability scanning and penetration testing remediation activities
Coordinating with various system owners to ensure that remediation activities are being conducted in a timely manner and associated evidence is retained for PCI compliance
Driving necessary system and process updates based on testing and assessment results
Facilitating interaction between technology teams and T-Mobile’s PCI DSS Qualified Security Assessor
Working closely with cross-functional teams and developing strong liaison relationships
Staying current with new and evolving security topics and technologies via formal training and self-directed education
Creating written documentation related to the compliance procedures for the compliance lifecycle
Willingly sharing knowledge and experiences with less experienced staff to help grow the team through training and mentoring

Required Skills / Competencies:

5-10 years IT security or IT security infrastructure experience
Able to scope, interpret, and prioritize both application and network vulnerability test results
Experience with project management (planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives)
Ability to identify problems, analyze data and present conclusions effectively
Strong verbal, written and presentation skills
Intermediate knowledge of all requirements of the PCI DSS v3.x, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands
Intermediate knowledge of three or more of the following technical areas: network segmentation, encryption and key management, tokenization, anti-virus and malware, secure system development, vulnerability management, penetration testing, and file integrity monitoring
Experience with penetration testing or vulnerability management preferred
Industry Certifications (PCI QSA/ISA/PCIP or CISSP/CISM/CRISC/CEH) preferred

Bachelor's Degree in Computer Science, IT, CIS or a closely related field.