SSF Assessor

SSF Assessor

at Tevora

Irvine, CA or Fairfax, VA

If you haven't heard of Tevora, it's because we've done our job!

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

What's the role?

Tevora is seeking a PCI QSA + SSF (Secure Software Framework) Consultant to join our growing Payments Compliance team. This team plays a crucial role in helping some of the world's largest organizations secure their payment systems and software, ensuring full compliance with PCI-DSS and SSF standards. As a key contributor, you will be responsible for guiding clients through the complexities of payment security and performing secure software validations.

The successful candidate will have exceptional attention to detail, a proactive attitude, and a passion for solving complex security challenges. Strong communication skills and technical writing abilities are essential, as you will be working closely with clients and documenting your findings. Staying current with evolving security standards and continuously improving your technical knowledge will be critical for success in this role.

A day in the life could include:

• Leading PCI-DSS assessments and Secure Software Standard validations for clients to ensure full compliance with payment security requirements.
• Performing Secure Software Standard testing procedures on payment applications, ensuring compliance with SSF guidelines.
• Writing detailed Secure Software Standard Reports on Validation (ROV), documenting findings and providing recommendations.
• Collaborating with development teams to help implement secure software practices and ensure PCI compliance.
• Supporting presales efforts by scoping SSF-related engagements, preparing proposals, and participating in client presentations.
• Building and maintaining strong professional relationships with clients, offering expert guidance throughout the compliance process.
• Working closely with marketing to produce thought leadership content around PCI-DSS, SSF, and payment security trends.

Necessary skills and qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
• Secure Software Assessor Certification (with a valid listing on the PCI SSC website) is required.
• PCI Qualified Security Assessor (QSA) certification is also required.
• Experience performing at least one Secure Software Standard validation in the past year.
• Strong knowledge of Secure Software Standard testing procedures and the ability to apply these to payment applications.
• Demonstrated experience writing Secure Software Standard Reports on Validation (ROV) with attention to detail and clarity.
• Strong communication skills for building and maintaining relationships with clients.
• Ability to explain technical details clearly to non-technical stakeholders.

Bonus Points:

• Secure Software Lifecycle (SLC) Certification and experience is preferred but not required.
• Additional experience with other payment security standards, such as P2PE.
• Certifications such as CISSP, CISM, or CSSLP.
• Experience working with large, global organizations in complex compliance environments.

We've got you covered!

• Comprehensive benefits offering
• Paid time off and holidays
• 401k with Company match
• Vibrant work culture
  
  

Additional requirements:

• A valid driver's license is required.
• Eligibility to work in the United States.
• Must work a hybrid schedule at our Irvine, CA or Fairfax, VA office.
  
  

EEOC Statement

Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.