Senior Info Security Analyst

Job Description

Join Team Amex and lets lead the way together. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future overdues with accounts that have a high exposure. A PCI Penetration Tester, often referred to as a security expert or ethical hacker, is responsible for simulating real-world cyberattacks on systems and networks to identify vulnerabilities related to the Payment Card Industry Data Security Standard (PCI DSS). Their role involves performing vulnerability assessments, exploiting weaknesses, and providing actionable recommendations for remediation to ensure compliance with PCI DSS requirements. Key Responsibilities: PCI DSS Compliance: Ensuring that systems and networks meet the security requirements outlined in PCI DSS standards. Vulnerability Assessment: Identifying and classifying security flaws in systems, networks, and applications within the Payment Card Industry (PCI) environment. Penetration Testing: Simulating attacks on systems and networks to exploit identified vulnerabilities and assess their impact. Reporting and Recommendations: Documenting findings, including risk assessments, and providing detailed recommendations for improving security posture and addressing identified weaknesses. Compliance and Security: Collaborating with IT and development teams to implement security measures and ensure compliance with PCI DSS and other relevant standards. Staying Updated: Keeping abreast of the latest security threats, vulnerabilities, and testing methodologies to enhance their expertise. Specific Tasks: Network Scanning: Using tools like Nmap to identify open ports, services, and potential vulnerabilities within the network. Application Testing: Evaluating web applications, mobile apps, and APIs for security weaknesses and potential exploitation points. Reporting: Creating detailed reports, including risk assessments, technical findings, and remediation recommendations, for stakeholders. Skills and Qualifications: Bachelor s Degree in Computer Science, Information Systems, Business 10+ years of experience in cyber security Penetration testing Strong understanding of PCI DSS requirements and compliance. Experience in penetration testing methodologies and tools. Proficiency in network protocols, operating systems, and web application technologies. Knowledge of common security vulnerabilities and exploitation techniques. Ability to communicate technical findings clearly and concisely. Certifications: Industry certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar can be beneficial.