PCI Penetration Testing Coordinator

Yesterday

🗽 New York – Remote

Although this job is listed in New York, this company may be open to hiring remote in other states.

💵 $100k - $140k / year

⏰ Full Time

🟡 Mid-level

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor

Apply Now

Receive Emails with Similar Jobs

NBCUniversal

WebsiteLinkedInAll Job Openings

Media • Entertainment

NBCUniversal is a leading global media and entertainment company known for creating and distributing content across a variety of platforms. With over 100 years of experience, it is a part of Comcast and encompasses brands like Peacock, NBC Sports, and many others to educate, entertain, and empower audiences around the world. The company is involved in television broadcasting, film production, and theme parks, and is also recognized for its initiatives in technology and corporate social responsibility. NBCUniversal is committed to innovation and social impact, making it a vibrant workplace for media and tech professionals.

10,000+ employees

Founded 2004

📱 Media

📋 Description

• Managing and maintaining PCI ASV scan schedules across all business units • Initiating and tracking ad hoc scans, ensuring timely execution and reporting • Validating remediation of vulnerabilities and special notes, coordinating with technical teams and GRC • Acting as the single point of contact for the ASV vendor, resolving anomalies and portal issues • Negotiating false positives and scan disputes with the vendor on behalf of business units • Coordinating annual and ad hoc PCI penetration tests across applicable environments • Scoping, scheduling, and executing penetration tests internally when vendor support is unavailable or impractical • Performing manual and automated testing techniques including network, web application, and system-level assessments • Analyzing test results, documenting findings, and providing remediation guidance aligned with PCI DSS • Tracking remediation efforts and maintaining centralized documentation of test reports and compliance evidence • Generating and maintaining reports for internal stakeholders, auditors, and compliance attestations • Interfacing with business unit technical teams to ensure understanding and prioritization of findings • Providing guidance and support to teams with limited PCI knowledge or bandwidth

🎯 Requirements

• Bachelor’s Degree in an IT-related field and/or equivalent work experience • Minimum 3–5 years of experience in PCI compliance, vulnerability management, or penetration testing • Strong understanding of PCI DSS requirements, especially ASV scanning and penetration testing controls • Proficiency in penetration testing methodologies (OWASP, NIST SP 800-115, PTES) • Experience with tools such as Burp Suite, Nmap, Nessus, Metasploit, Kali Linux, and scripting (Python, Bash) • Working knowledge of network protocols, web application architecture, and common vulnerabilities • Experience working with external vendors and internal technical teams • Excellent organizational, communication, and documentation skills • Ability to manage multiple concurrent projects and deadlines • Certifications (at least one Required): Offensive Security Certified Professional (OSCP) • GIAC Penetration Tester (GPEN) • Certified Ethical Hacker (CEH) • Certifications (Preferred): PCI Internal Security Assessor (ISA) • GIAC Web Application Penetration Tester (GWAPT) • CISSP or CISM for broader security leadership alignment

🏖️ Benefits

• medical, dental and vision insurance • 401(k) • paid leave • tuition reimbursement • a variety of other discounts and perks