As the world's leader in digital payments technology, Visa's mission is to connect the world through the most creative, reliable & secure payment network - enabling individuals, businesses, & economies to thrive. Our advanced global processing network, VisaNet, provides secure & reliable payments around the world, & is capable of handling more than 65,000 transaction messages a second. The company's dedication to innovation drives the rapid growth of connected commerce on any device, & fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network & scale to reshape the future of commerce.
At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, & be part of an inclusive & diverse workplace. We are a global team of disruptors, trailblazers, innovators & risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, & doing meaningful work that brings financial literacy & digital commerce to millions of unbanked & underserved consumers.
You're an Individual. We're the team for you. Together, let's transform the way the world pays.
Visa's Cyber Security team is looking for a Cybersecurity engineer with expertise in Application Security domain, who will be responsible to define consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning & delivery cycles that assure that application security vulnerabilities are mitigate. Very strong application security & web application development experience & team leadership skills are a must. In this position, you are a passionate & talented application security engineer with very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities & best practices design & threat modeling skills who can work in a dynamic environment. You must be dedicated to able to work with developers in producing secure code in short time frames & be willing to go beyond the standard routine.
2 years of work experience with a Bachelor's Degree or an Advanced Degree (e.g. Masters, MBA, JD, MD, or PhD)
- 4-5 years of experience with Bachelor's degree or 2-3 years of experience with Master's degree in Computer Science, Mathematics, Physics, or equivalent
- You have a Bachelor degree in Computer Science or related field & 2-4 years of Software Development Experience
- 2-3 Years of Experience in Web Application Security, SSDLC & Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 2 years of Software Development experience
- MUST have deep understanding of OWASP Top 10 & CWE 25; with proven track record & experience in implementing & integrating remediation strategies
- Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks & protocols with respect to application development & deployment
- Well versed in web application design, penetration testing, application risk assessment & risk categorization
- Well versed (experience preferred) with driving & implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developers world
- Success in implementing effective Secure SDLC frameworks across a large corporation.
- Ability to effectively present & communicate security threats & risks to ANY audience & impress upon them the mitigation techniques & strategies
- Candidates should be familiar with waterfall & agile development processes & have experience integrating secure development practices into both models.
- Deep knowledge andexperience in usingSAST, DAST & fuzz testing tools
- Highly effective communicator; well-honed influencing & negotiating skills
- Solid problem solving & analytical skills; able to quickly digest any issue/problem encountered & recommend an appropriate solution.
- Self-motivated; able to work independently; able to negotiate & bring consensus to diverse priorities of product development & solution teams
- Help define consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning & delivery cycles that assure that application security risks are mitigate
- Ensure end-to-end security of Visa products by hands on testing, hypothesizing threats, helping development teams remediating risks upfront & championing secure implementation efforts
- Improve secure coding practices, application security requirements, automation, training, & metrics
- Integrate threat modeling practices into the Software Development Lifecycle
- Help build secure products & standards around emerging technologies & using existing standards & security practices
- Perform Security Architecture & Low Level Application Security Design review involving: Data Protection, Authentication & Authorizations, Web Application Security & Network Security
- Collaborate with product development & solution teams proactively to manage software security risk aligned with business goals
- Collaborate with product & solution teams to achieveCybersecurity software security program objectives
- Manage cross-functional internal & external team collaboration, evangelization, & communications
- Develop & optimize processes to improve software development efficiency in the consumption of security development practices
- Maintain active understanding of industry practices for secure software development & incident response
This position will be performed in an office setting. The position will require the incumbent to sit & stand at a desk, communicate in person & by telephone, frequently operate standard office equipment, such as telephones & computers, reach with hands & arms, & bend or lift up to 25 pounds.
This position may require the incumbent to travel up to 10% of the time.
This position requires the incumbent to be available during core business hours.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines & applicable local law.