PCI QSA/PA-QSA Consultant


Job Description

Do you work well between a ROC and a hard place?

You think so? Do you have the enthusiasm to tear apart firewall rulesets, application code or server configurations? What about the patience to explain to management why they should care about securing each of those? Can you think expansively enough about the big information security picture for an entire organization? How about focusing like a laser on a single troublesome issue?

Leave behind what you think you know about PCI assessors; we’re not checklist auditors wearing blinders.  We’re hackers and developers and sysadmins; we’re security professionals first, compliance assessors second, and we have a lot of experience doing this.

Responsibilities as a Qualified Security Assessor:

  • Helping clients meet their compliance obligations by evaluating their business, technology and operations against security standards like the PCI DSS or HIPAA.
  • Sharing your expertise to help make top-level decisions on topics like strategy and scope as well as deep and highly technical projects like web application architecture and security.
  • Providing clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance.
  • Producing detailed, high-quality reports for clients and industry third parties like payment card brands and the PCI Security Standards Council.
  • Learning from our close-knit group as well as contributing your thoughts, tools, industry news or lessons learned.
  • Making this all look easy by juggling several concurrent projects at any given point in time.

Responsibilities as a Payment Application Qualified Security Assessor:

  • Helping software developer clients implement practices to produce secure applications and find and crush security vulnerabilities before the bad guys can take advantage of them.
  • Picking apart payment software with packet sniffers, debuggers, process monitoring utilities and maybe even a few tools you write yourself.
  • Testing applications for security vulnerabilities while providing clear, coherent explanations of your findings and recommendations to fix the issues.

Job Requirements


  • Have previous experience consulting, either within your place of employment or for outside clients.
  • Truly comprehend information security principles and apply them practically.
  • Feel at home installing and operating a variety of UNIX or Linux systems. Familiarity with OS/400 or its ilk is a plus.
  • Understand code or script. Ruby and Python are nice, but it’s more about concept than actual language.
  • Comfortably present security concepts or findings to both highly technical and entirely non-technical audiences.
  • Have paid enough attention in English class to write clearly and well. If you slept through classes, but figured it out later, that’s okay too. But we’re serious about writing well.

Bonus Points If You:

  • Have payment card (PCI DSS, PA-DSS, P2PE, PFI), financial (GLBA, SOX, SSAE 16) or health care (HIPAA/HITECH) experience.
  • Understand database security or cryptography really well.
  • Know about forensic analysis or incident response.
  • Are professionally certified, or willing to get certified, in any of the following (while certifications don't indicate competence, they do reflect professionalism and a minimum knowledge level):
    • Security and IT certifications (e.g., CISSP, GIAC, CISA, etc.)
    • Technical certifications (e.g., MCSE, CCNA, etc.)
    • Related industry certifications (e.g., QSA, PA-QSA, ISA, PCIP)
  • Speak a language besides English fluently (you still need English, though). Bonus points if you have a valid US passport and know as many IATA airport codes as you do technology acronyms.
  • Participate in relevant professional organizations like OWASP, InfraGard, ISACA or the like.

Company Overview:

Sikich LLP is a nationally-ranked top 50 public accounting and consulting firm. Working at Sikich, you’ll become part of a highly motivated and competent team that values individual effort and growth while encouraging balance between your personal and work life. We recognize that our people are our most valuable asset—our employees drive our success.

Sikich is honored to have been named a Top Workplace by the Chicago Tribune and recognized nationally as a Best and Brightest Company to Work For. If you're looking to take your career to the next level, learn more about Sikich — and the possibilities for you. Visit us as

Working for Sikich:

We recognize that our people are our most valuable asset—our employees drive our success. That's why Sikich believes in empowering our people with real time career development, offering diverse and challenging work, and providing solid growth opportunities. We're always looking for talented people to join our team. If you have a let's get down to business, roll up your sleeves mindset, then Sikich is the place for you.

Benefits include:

  • Major Medical and Dental Insurance
  • 401k Match
  • Flexible Spending Accounts
  • Paid Exam Costs for Professional Certifications
  • Tuition Reimbursement
  • Flexible Work Schedule
  • Paid Paternal & Adoption Leave
  • Business Casual Dress Code
  • Employee Assistance Program
  • Fitness Reimbursement

To apply for this position, please submit your cover letter and resume to [Click Here to Email Your Resumé]

Job Snapshot

  • Employment Type: Full-Time
  • Job Type: Information Technology
  • Education: Not Specified
  • Experience: Not Specified
  • Manages Others: Not Specified
  • Industry: Consulting, Security
  • Required Travel: Not Specified