The PCI Penetration Testing Coordinator will manage PCI scanning and penetration testing programs, ensuring compliance and remediation of vulnerabilities through coordination with internal and external teams.
Company Description
NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.
Comcast NBCUniversal has announced its intent to create a new publicly traded company ('Versant') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The well-capitalized company will have significant scale as a pure-play set of assets anchored by leading news, sports and entertainment content. The spin-off is expected to be completed during 2025.
Job Description
NBCUniversal's Cyber Governance Risk and Compliance team is seeking a PCI Scanning & Penetration Testing Coordinator to lead and manage the organization's PCI ASV scanning and penetration testing programs. This role serves as the central liaison between internal business units, technical teams, and external vendors, while also possessing the technical capability to conduct penetration tests independently when required. The successful candidate will ensure timely execution, remediation, and compliance with PCI DSS requirements across all business entities.
Responsibilities:
- Managing and maintaining PCI ASV scan schedules across all business units.
- Initiating and tracking ad hoc scans, ensuring timely execution and reporting.
- Validating remediation of vulnerabilities and special notes, coordinating with technical teams and GRC.
- Acting as the single point of contact for the ASV vendor, resolving anomalies and portal issues.
- Negotiating false positives and scan disputes with the vendor on behalf of business units.
- Coordinating annual and ad hoc PCI penetration tests across applicable environments.
- Scoping, scheduling, and executing penetration tests internally when vendor support is unavailable or impractical.
- Performing manual and automated testing techniques including network, web application, and system-level assessments.
- Analyzing test results, documenting findings, and providing remediation guidance aligned with PCI DSS.
- Tracking remediation efforts and maintaining centralized documentation of test reports and compliance evidence.
- Generating and maintaining reports for internal stakeholders, auditors, and compliance attestations.
- Interfacing with business unit technical teams to ensure understanding and prioritization of findings.
- Providing guidance and support to teams with limited PCI knowledge or bandwidth.
Qualifications
Requirements:
- Bachelor's Degree in an IT-related field and/or equivalent work experience.
- Minimum 3-5 years of experience in PCI compliance, vulnerability management, or penetration testing.
- Strong understanding of PCI DSS requirements, especially ASV scanning and penetration testing controls.
- Proficiency in penetration testing methodologies (OWASP, NIST SP 800-115, PTES).
- Experience with tools such as Burp Suite, Nmap, Nessus, Metasploit, Kali Linux, and scripting (Python, Bash).
- Working knowledge of network protocols, web application architecture, and common vulnerabilities.
- Experience working with external vendors and internal technical teams.
- Excellent organizational, communication, and documentation skills.
- Ability to manage multiple concurrent projects and deadlines.
- Certifications (at least one required):
  - Offensive Security Certified Professional (OSCP)
  - GIAC Penetration Tester (GPEN)
  - Certified Ethical Hacker (CEH)
- Certifications (preferred):
  - PCI Internal Security Assessor (ISA)
  - GIAC Web Application Penetration Tester (GWAPT)
  - CISSP or CISM for broader security leadership alignment
Additional Requirements:
- Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence.
This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $100,000 - $140,000
Additional Information
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing [email protected].
For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.
Top Skills
Bash
Burp Suite
Kali Linux
Metasploit
Nessus
NIST SP 800-115
Nmap
OWASP
PCI DSS
PTES
Python

