
PCI Penetration Testing Coordinator
NBCUniversal
full-time
Location Type: Remote
Location: Remote • New York • 🇺🇸 United States
Salary
💰 $100,000 - $140,000 per year
Job Level
Mid-Level, Senior
Tech Stack
Linux, Python
About the role
- Managing and maintaining PCI ASV scan schedules across all business units
- Initiating and tracking ad hoc scans, ensuring timely execution and reporting
- Validating remediation of vulnerabilities and special notes, coordinating with technical teams and GRC
- Acting as the single point of contact for the ASV vendor, resolving anomalies and portal issues
- Negotiating false positives and scan disputes with the vendor on behalf of business units
- Coordinating annual and ad hoc PCI penetration tests across applicable environments
- Scoping, scheduling, and executing penetration tests internally when vendor support is unavailable or impractical
- Performing manual and automated testing techniques including network, web application, and system-level assessments
- Analyzing test results, documenting findings, and providing remediation guidance aligned with PCI DSS
- Tracking remediation efforts and maintaining centralized documentation of test reports and compliance evidence
- Generating and maintaining reports for internal stakeholders, auditors, and compliance attestations
- Interfacing with business unit technical teams to ensure understanding and prioritization of findings
- Providing guidance and support to teams with limited PCI knowledge or bandwidth
Requirements
- Bachelor’s Degree in an IT-related field and/or equivalent work experience
- Minimum 3–5 years of experience in PCI compliance, vulnerability management, or penetration testing
- Strong understanding of PCI DSS requirements, especially ASV scanning and penetration testing controls
- Proficiency in penetration testing methodologies (OWASP, NIST SP 800-115, PTES)
- Experience with tools such as Burp Suite, Nmap, Nessus, Metasploit, Kali Linux, and scripting (Python, Bash)
- Working knowledge of network protocols, web application architecture, and common vulnerabilities
- Experience working with external vendors and internal technical teams
- Excellent organizational, communication, and documentation skills
- Ability to manage multiple concurrent projects and deadlines
- Certifications (at least one Required):
  - Offensive Security Certified Professional (OSCP)
  - GIAC Penetration Tester (GPEN)
  - Certified Ethical Hacker (CEH)
- Certifications (Preferred):
  - PCI Internal Security Assessor (ISA)
  - GIAC Web Application Penetration Tester (GWAPT)
  - CISSP or CISM for broader security leadership alignment
Benefits
- medical, dental and vision insurance
- 401(k)
- paid leave
- tuition reimbursement
- a variety of other discounts and perks
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
PCI compliance, vulnerability management, penetration testing, penetration testing methodologies, network assessments, web application assessments, system-level assessments, remediation guidance, scripting, network protocols
Soft skills
organizational skills, communication skills, documentation skills, project management, collaboration, problem-solving, negotiation, guidance, support, prioritization
Certifications
Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), PCI Internal Security Assessor (ISA), GIAC Web Application Penetration Tester (GWAPT), CISSP, CISM