PCI Security Standards Council, LLC
  • Operations
  • USA
  • Salary
  • Full Time

Reporting directly to an AQM Manager, the AQM Analyst Software Specialization will play a key role in the administration of Point to Point Encryption (P2PE), Software Security Framework (Secure Software Validation and Secure Software Life Cycle (SLC) Validation), and Payment Application Qualified Security Assessor (PA-QSA) quality assurance programs, and may be called upon to play a role in the QA component for other PCI SSC Programs, such as Qualified Security Assessor (QSA), as needed.

In this capacity, the AQM Analyst Software Specialization will use previous software security expertise and former audit/quality management experience to perform tasks to determine whether assessors are meeting a baseline standard of quality in work product and reporting, including review of completed reports provided by assessors to PCI SSC, review of work papers and working closely with these security assessors to resolve issues.


ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.

  • Evaluate reports submitted by PCI SSC approved assessor companies, including Reports on Validation (ROV) related to Software Security Framework (Secure Software Validation and Secure Software Life Cycle (SLC) Validation), P2PE Reports of Validation (P-ROV), and PCI PA-DSS Reports of Validation (ROV) for completeness and quality; other reports may include PCI DSS Reports on Compliance (ROC) and others, as needed;
  • Document and present Quality Management (QM) findings to team, first-level leadership and the PCI Security Standards Council;
  • Provide status reports for consistent findings and proposed solutions;
  • Input directly-received feedback from outside of the PCI SSC for tracking and follow-up actions;
  • Interact with team members to calibrate, confirm findings and resolve misunderstandings resulting from the review;
  • Work in a team environment to analyze the Quality Management (QM) test process;
  • Participate as an integral part of the team, exhibiting ownership, follow through, initiative, awareness and effective communication with peers and management;
  • Continually learn, actively share knowledge and foster exchange of skills; and
  • Willingness to travel up to 15%.


  • Bachelor's degree preferred;
  • Hold the ISC2 CSSLP (Certified Secure Software Lifecycle Professional) Certification OR be willing to earn the CSSLP within the first year of employment, with training (provided by ISC2 either classroom-based or online instructor-led) paid for by PCI SSC;
  • Minimum 3 years cumulative, paid work experience as a software development lifecycle professional;
  • Demonstrable experience in security infrastructures;
  • Understanding of information systems and networking diagrams;
  • Methodical and organized, able to manage multiple opportunities and projects concurrently;
  • Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment;
  • Deep analytical skills enabling comprehension and development of complex business and technical issues, topics and plans;
  • Able to multi-task and work independently with minimum supervision to meet firm deadlines;
  • Flexible, proactive, quick to learn and possessing a can-do attitude;
  • A blend of curiosity, creativity, persistence, commitment, passion and optimism; and
  • Knowledge of the PCI industry, including the programs within the PCI SSC preferred.


Additional Information

  • Location: Work From Home; USA 

  • Position Type: Full-Time


PCI SSC is an Equal Opportunity Employer
