Senior Consultant / PCI Qualified Security Assessor

San Jose, California (Remote Positions Available)

Our San Jose, California-based Information Security Services Firm has an immediate opening for a Senior Consultant/PCI Qualified Security Assessor to join our growing company.  This is a key position that will require you to put your technical expertise, consulting and auditing experience, and information security knowledge to work to provide consulting and remediation support services to our clients. AppSec Consulting’s goal is to help our customers navigate complex security and compliance issues; we focus on building long-term relationships in our role as trusted advisors.

This position will require spending approximately 75% of your time performing assessment, advisory, and technical consulting services, and approximately 25% assisting with internal projects. You will be expected to lead assessments from start to finish, effectively communicate with peers and customers, and produce high-quality deliverables while adhering to project timelines.

Primary Job Duties – Consulting and Advisory Services

  • Conducting PCI DSS Gap Assessments and development of Strategic Remediation Plans
  • Performing formal PCI DSS Assessments resulting in a Level 1 Report on Compliance (ROC) and Attestation of Compliance (AOC)
  • Creating professional reports for our clients that detail assessment findings.  Quality reports are very important to us as they allow us to differentiate ourselves in the marketplace - our reports are tailored to our clients’ business and include a roadmap of practical, actionable steps for improving their security posture and/or achieving compliance
  • Consulting with clients to help them understand our findings and their remediation options
  • Providing presales and scoping assistance as needed
  • Writing blog articles

Work Location

Our Company is headquartered in San Jose, California, but the majority of consultants are remote employees.  More than 50% of our clients are located in the Bay Area. This job will require 15-20% travel to remote client locations both within and outside of the United States.

Technical Skills

  • Minimum of eight years in the Information Security field doing work similar to what is described above
  • CISSP, CISM, or Certified ISO 27001 Lead Implementer (at least one)
  • CISA, GIAC GSNA, Certified ISO 27001 Lead Auditor / Internal Auditor, CIA (at least one)
  • Previous or current PCI-QSA or Internal Security Auditor (PCI-ISA) certifications strongly preferred
  • Experience completing a minimum of 5 PCI DSS merchant and/or service provider Reports on Compliance (ROCs) - strongly preferred
  • Familiarity and experience with a variety of security products and technologies - for example, network firewalls, web application firewalls, antivirus solutions, data loss prevention products, and encryption technologies.  We don't expect you to be an expert in all of these areas, but having a broad knowledge of the information security space is a plus for this type of work.  Our team includes specialists in application and network security, which you will be able to consult with when needed

Possess a minimum of one year of experience in each of the following information security disciplines (experience may be acquired concurrently—for example, if the role involved experience in multiple disciplines at the same time):

  • Application security
  • Information systems security
  • Network security

Possess a minimum of one year of experience in each of the following audit/assessment disciplines (experience may be acquired concurrently, for example, if the role involved experience in multiple disciplines at the same time):

  • Information Technology security auditing
  • Information security risk assessment or risk management

Soft Skills

  • Strong customer focus. The goal should be to make customers happy enough that they ask for you to be sent back to do more work for them
  • Strong written and verbal communication skills
  • Desire to learn new things and become a participant in the information security community
  • Desire to maintain knowledge of ongoing security and compliance industry developments
  • Excellent organizational skills
  • Honesty and integrity
  • Ability to work independently to meet project deadlines with minimal supervision
  • Enthusiastic, responsible, proactive, and dependable team player
  • A willingness to identify and solve problems through creative thinking and collaboration

Other Requirements

  • Must undergo criminal background check and drug testing
  • Willingness to travel when necessary
  • Willingness to work odd hours at times. For the most part this is a Monday-Friday 8:00 to 5:00 position; however, client requirements and the project-based nature of our work may occasionally require some flexibility in schedule

Job Benefits

  • Competitive salary including performance incentives
  • Company-sponsored medical, dental, and vision insurance
  • Company-sponsored professional development and career growth opportunities
  • Company-sponsored 401k program with 4% match
  • Company-paid industry certifications necessary for your position (such as CISA, PCI-QSA, etc.)
  • Small, dynamic environment that encourages and rewards initiative and creativity
  • Esprit de corps
  • Your choice of beer (at the end of the workday)

If you think you’re the right person for this challenging and fun career opportunity, please send your resume to