Job Details
Comtech LLC is seeking an experienced Quality Assurance & Compliance Specialist to join the PSD Database Penetration Testing Project team.
This role ensures all project deliverables adhere to cybersecurity quality standards, compliance frameworks, and procedural integrity requirements defined under ISO/IEC 27001, PTES, and OWASP.
The specialist will oversee audit documentation and data-handling protocols, and will ensure that evidence management and reporting meet both state and federal compliance standards throughout the project lifecycle.
The Quality Assurance & Compliance Specialist will be responsible for tasks including but not limited to:
- Lead quality assurance and compliance verification activities across all penetration testing and security assessment deliverables.
- Develop and implement QA checklists, review protocols, and documentation controls for test reports, risk assessments, and vulnerability mitigation plans.
- Ensure all testing and documentation processes align with ISO/IEC 27001, NIST SP 800-115, PTES, and OWASP Testing Methodology standards.
- Conduct independent validation of findings, ensuring accuracy, completeness, and consistency across technical and executive-level reports.
- Oversee the secure management, tracking, and destruction of sensitive data and artifacts generated during testing.
- Review and verify adherence to data retention and evidence handling procedures in accordance with state and federal regulations.
- Support the internal audit and compliance review cycles, ensuring all test phases meet predefined quality gates and acceptance criteria.
- Maintain traceability matrices linking findings to compliance frameworks and security standards.
- Collaborate closely with penetration testers, analysts, and project managers to ensure quality-driven deliverables and continuous process improvement.
- Prepare final QA certification reports confirming adherence to project quality standards and evidence management policies.
Required Qualifications & Experience - Quality Assurance & Compliance Specialist
M1. Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field (or equivalent experience).
M2. 5+ years of professional experience in cybersecurity compliance, IT audit, or quality assurance.
M3. Demonstrated understanding of penetration testing methodologies (PTES, OWASP, NIST 800-115).
M4. Proven experience implementing and auditing against ISO/IEC 27001 standards.
M5. Knowledge of evidence lifecycle management, including data collection, retention, and destruction protocols.
M6. Strong ability to perform independent quality checks on technical deliverables such as risk reports, vulnerability findings, and remediation plans.
M7. Experience working within controlled cybersecurity engagements involving sensitive data and state-level regulatory oversight.
M8. Excellent written communication, documentation, and report validation skills.
Mandatory Certifications - Quality Assurance & Compliance Specialist
C1. ISO 27001 Lead Auditor / Implementer (Required)
C2. CISA (Certified Information Systems Auditor)
C3. CISM (Certified Information Security Manager)
C4. CompTIA Security+
C5. GIAC GSLC / GCCC