Company Description|Job Description
As the world's leader in digital payments technology, Visa's mission is to connect the world through the most creative, reliable & secure payment network - enabling individuals, businesses, & economies to thrive. Our advanced global processing network, VisaNet, provides secure & reliable payments around the world, & is capable of handling more than 65,000 transaction messages a second. The company's dedication to innovation drives the rapid growth of connected commerce on any device, & fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network & scale to reshape the future of commerce.
At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, & be part of an inclusive & diverse workplace. We are a global team of disruptors, trailblazers, innovators & risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, & doing meaningful work that brings financial literacy & digital commerce to millions of unbanked & underserved consumers.
You're an Individual. We're the team for you. Together, let's transform the way the world pays.
Visa's Cyber Security team is looking for a Cybersecurity engineer with expertise in Application Security domain, who will be responsible to define consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning & delivery cycles that assure that application security vulnerabilities are mitigate. Very strong application security & web application development experience & team leadership skills are a must. In this position, you are a passionate & talented application security engineer with very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities & best practices design & threat modeling skills who can work in a dynamic environment. You must be dedicated to able to work with developers in producing secure code in short time frames & be willing to go beyond the standard routine.
- 2 years of work experience with a Bachelor's Degree or an Advanced Degree (e.g. Masters, MBA, JD, MD, or PhD)
- 4-5 years of experience with Bachelor's degree or 2-3 years of experience with Master's degree in Computer Science
- 2-3 Years of Experience in Web Application Security, SSDLC & Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 2 years of Software Development experience
- Excellent knowledge on Web Application Security, Threat Modelling & OWASP.
- Strong knowledge of deep design review & Secure Development Lifecycle methodologies, Agile based methodologies, middleware platforms, development platforms (Java, C, C++, .NET etc.).
- Strong knowledge of data protection concepts & cryptographic fundamentals, encryption algorithms
- Technical experience with security technologies including, but not limited to, intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policyenforcement,patch/configuration management, usage monitoring, audit, secure application development, etc.
- Be a product security champion by driving Security Architecture & Design, implementation & optimization for Web, API & Mobile backend applications across Visa.
- Engage in the initial requirements definition including analysis of threats & risks & alignment with Visa security, Engineering, IT & Architecture standards.
- Conduct & facilitate security reviews, threat modelling including deep design reviews throughout the development lifecycle.
- Facilitate "table-top"/red-team/scenario analysis exercises in conjunction with other SME's; & plan the resolution of any identified vulnerabilities/issues.
- You'll be working on enabling/building security controls which protect the applications from attacks on various platforms & technologies, like:
- Linux, Windows, VMWare, Openstack, SDN, Public cloud like AWS, Google
- Web technologies like HTTP, SOAP, REST services, AJAX
- Databases like Oracle, MS SQL, MySQL, Redis, Cassandra
- Caching services like Hazelcast, Coherence, & messaging systems like Kafka, MQ
- Web Access Management solutions like Forgerock, Siteminder, Custom/in-house Security Frameworks
- Cybersecurity tools like IDS, SIEM, Tripwire, Tanium, Netwitness, Netflow, WAF
- HSMs, Tokenization systems, data encryption solutions from Safenet, Vormetric etc
- Automate security tools & processes ensuring innovation & advancement strategies that keep pace in the areas of access control, security-in-depth, secure transaction processing, secure coding practices forweb & mobileapplications.
- Help business & product team to achieve various compliance certifications like PCI, FFIEC etc.
- Identify & analyse system & application level vulnerabilities to provide recommended counter measures or mitigating controls that reduce risk to an acceptable & manageable level.
This position requires the incumbent to be available during core business hours
This position requires the incumbent to travel for work 0-5%of the time
This position will be performed in an office setting. The position will require the incumbent to sit & stand at a desk, communicate in person & by telephone, frequently operate standard office equipment, such as telephones & computers, reach with hands & arms, & bend or lift up to 25 pounds.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines & applicable local law.