[Remote] PCI Qualified Security Assessor (QSA) Consultant
Note: The job is a remote job and is open to candidates in USA. Danta Technologies is seeking a highly experienced PCI Qualified Security Assessor (QSA) Consultant to lead and deliver end-to-end Payment Card Industry (PCI DSS) advisory, assessment, and validation services. The role focuses on guiding clients through PCI DSS compliance journeys, conducting formal validations, and providing strategic security advisory across GRC, application security, and cloud risk domains.
Responsibilities
- Lead end-to-end PCI DSS compliance engagements, including:
  - Gap assessments and readiness assessments
  - Formal audits and validation activities
- Conduct PCI DSS assessments and produce:
  - Reports on Compliance (RoC)
  - Attestations of Compliance (AoC)
- Advise clients on:
  - PCI DSS scoping and segmentation strategies
  - Compensating controls and requirement interpretation
- Perform impact assessments for PCI DSS version upgrades, including:
  - Resource planning (people, tools, time)
  - Required architecture and system changes
- Conduct compliance and maturity assessments across frameworks such as:
  - PCI DSS (primary focus)
  - NIST (CSF, 800-53, 800-171)
  - ISO 27001 / 27002
  - HIPAA and other regulatory standards
- Perform:
  - Security program evaluations
  - Control gap analysis and remediation roadmaps
- Lead Application Security Certification (AppSec/AppCert) initiatives:
  - Black Box, Gray Box, and Crystal Box testing
  - SDLC maturity assessments aligned to OWASP SAMM
- Conduct cloud risk assessments across:
  - AWS, Azure, and GCP
- Evaluate:
  - Cloud configurations, identity controls, and data protection mechanisms
- Operate as a Security Program Advisor / Executive Consultant, providing:
  - Strategic compliance roadmap guidance
  - Risk posture insights to senior leadership
- Utilize frameworks such as:
  - FAIR (Factor Analysis of Information Risk) for financial risk quantification
- Support board-level and C-suite communications, including:
  - Risk reports
  - Compliance status dashboards
- Support compliance and audit programs with:
  - Evidence collection and validation
  - Audit documentation and reporting
- Develop:
  - Policies, standards, and procedures aligned with PCI DSS and GRC frameworks
- Deliver high-quality audit artifacts and technical reports
- Conduct security assessments in OT/ICS environments, including:
  - Passive network monitoring and traffic analysis
  - Non-intrusive evaluation of control systems and networks
Skills
- Proven experience as a PCI QSA (Qualified Security Assessor)
- Strong working knowledge of PCI DSS requirements (v3.x and v4.0)
- Cardholder Data Environment (CDE) scoping and segmentation
- Experience producing RoC and AoC documentation
- Hands-on experience with security audits and compliance assessments
- Risk management frameworks and control mapping
- Familiarity with NIST, ISO 27001, HIPAA, and industry-specific standards
- PCI QSA certification
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- Additional cloud or security certifications are a plus
- Experience in SAST/DAST testing methodologies
- Exposure to cloud platforms (AWS, Azure, GCP)
- Experience in secure SDLC governance
- Experience conducting security assessments in OT/ICS environments
- Experience with passive network monitoring and traffic analysis
- Experience with non-intrusive evaluation of control systems and networks
Benefits
- Danta offers all W2 employees a compensation package that is competitive in the industry.
- It consists of competitive pay, the option to elect healthcare insurance (dental, medical, vision), major holidays, and paid sick leave as per state law.
Company Overview