PCI Technical Payments Associate-Analyst (QSA Track)

Tevora•Fairfax, VA

14d

About The Position

PCI Technical Payments Analyst (QSA Track) at Tevora Irvine, CA If you haven't heard of Tevora, it's because we've done our job! Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you. What's the role? As a Technical Payments Analyst (QSA Track), you will support consultants and PCI Qualified Security Assessors (QSAs) in delivering payment security and compliance assessments for clients in the payments industry. This role is intended for professionals already working with PCI DSS who want to deepen their assessment experience and progress towards PCI QSA qualification. In this role, you will contribute to evaluating payment environments, reviewing documentation and evidence, and identifying gaps in security controls across payment systems, applications, and processes. Working closely with experienced QSAs, you will help assess and document controls designed to protect sensitive payment data and support PCI DSS compliance while continuing to build the experience required for QSA certification. A day in the life could include: Payment Security Assessments: Participate in PCI DSS assessments of client payment systems, applications, and processes to identify potential security vulnerabilities and compliance gaps. Assist in reviewing payment architectures, technologies, and processing environments to evaluate alignment with industry security standards and compliance requirements. Support the collection, analysis, and documentation of evidence related to payment security controls. Compliance and Certification: Work alongside experienced QSAs and consultants to help clients navigate payment security standards such as PCI DSS, SSF (or PA-DSS), and other payment domain requirements. Contribute to assessment documentation, compliance reports, and supporting materials used in certification and validation processes. Gain practical experience with PCI assessment methodologies as part of the path toward QSA qualification. Security Recommendations and Remediation: Assist in developing recommendations to strengthen the security posture of client payment systems and applications. Collaborate with consultants and client teams to help track and document remediation efforts addressing identified vulnerabilities and compliance gaps. Technical Consultation: Support consultants in advising clients on secure payment technologies, encryption approaches, secure data storage, and secure development practices. Participate in technical discussions related to protecting payment card data and sensitive financial information. Client Relationship Management: Build productive working relationships with client stakeholders while supporting engagement teams during assessments and advisory activities. Participate in client meetings, workshops, and technical discussions as part of the assessment process. Industry Awareness: Stay current with emerging cybersecurity threats, evolving payment security standards, and trends impacting the payments ecosystem and cybersecurity threat landscape. Continuously develop technical and compliance expertise in preparation for pursuing QSA certification.

Requirements

Minimum of 1 year of experience participating in PCI DSS assessments or supporting PCI compliance engagements, such as evidence review, control validation, gap analysis, documentation preparation, or quality assurance.
Ideal candidate has experience contributing to PCI DSS Reports on Compliance (ROC), Self-Assessment Questionnaires (SAQ), or PCI gap assessments.
Demonstrated interest in advancing a career in payment security and progressing towards PCI Qualified Security Assessor (QSA) certification.
Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related STEM field (or equivalent practical experience).
Strong analytical and problem-solving skills, with the ability to identify security risks and contribute to recommending appropriate solutions.
Excellent communication and interpersonal skills, with the ability to convey technical concepts to both technical and non-technical audiences.
Ability to work independently and collaboratively within cross-functional teams to support client engagements and project objectives.
Foundational understanding of cybersecurity principles, including areas such as network security, access control, encryption, and secure system design.
Exposure to payment technologies, payment processing environments, or compliance frameworks is a plus, including PCI DSS, SSF (or PA-DSS), ISO 27001, and NIST Cybersecurity Framework.
A commitment to maintaining the highest level of confidentiality and professionalism.
Eligibility to work in the United States.

Nice To Haves

Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
ISO 27001 Lead Auditor

Responsibilities

Payment Security Assessments: Participate in PCI DSS assessments of client payment systems, applications, and processes to identify potential security vulnerabilities and compliance gaps.
Assist in reviewing payment architectures, technologies, and processing environments to evaluate alignment with industry security standards and compliance requirements.
Support the collection, analysis, and documentation of evidence related to payment security controls.
Compliance and Certification: Work alongside experienced QSAs and consultants to help clients navigate payment security standards such as PCI DSS, SSF (or PA-DSS), and other payment domain requirements.
Contribute to assessment documentation, compliance reports, and supporting materials used in certification and validation processes.
Gain practical experience with PCI assessment methodologies as part of the path toward QSA qualification.
Security Recommendations and Remediation: Assist in developing recommendations to strengthen the security posture of client payment systems and applications.
Collaborate with consultants and client teams to help track and document remediation efforts addressing identified vulnerabilities and compliance gaps.
Technical Consultation: Support consultants in advising clients on secure payment technologies, encryption approaches, secure data storage, and secure development practices.
Participate in technical discussions related to protecting payment card data and sensitive financial information.
Client Relationship Management: Build productive working relationships with client stakeholders while supporting engagement teams during assessments and advisory activities.
Participate in client meetings, workshops, and technical discussions as part of the assessment process.
Industry Awareness: Stay current with emerging cybersecurity threats, evolving payment security standards, and trends impacting the payments ecosystem and cybersecurity threat landscape.
Continuously develop technical and compliance expertise in preparation for pursuing QSA certification.