Company Description|Job Description
Fascinated by the future & captivated by technology?
Smart, driven & want to make a difference in the world?
You'll fit right in.
Join a diverse team at Visa, where your individuality fits right in. We can provide the opportunity to shape the payments experience globally. Together, let's transform the way the world pays.
Think you know us?
Our mission is to connect the world through the most innovative, reliable & secure digital payment network that enables individuals, businesses & economies to thrive.
Individuality fuels our brand & our global team - we're proud that we are a talented team of 15,000 individuals with unique backgrounds, perspectives & experiences. Therefore, we understand that you are much more than your day job. We encourage quality of life outside of the office, whether it's taking advantage of agile work schedules or our wellness programs, Visa respects & encourages meaningful work/life balance for everyone. In addition, we offer market leading salary & have a fantastic benefits offering.
So, if you're not satisfied with the status quo, we can satisfy your desire to explore new territory, giving you the runway to really make an impact, whilst connecting you with teams around the world in a truly inclusive culture that celebrates our uniqueness.
If you think you could support Visa as a Lead Application Security Engineer, we want to hear from you - together, let's make Visa a great place to work.
What's it all about?
Visa's Cyber Security team is looking for a Lead Application Security Engineer, who will be responsible for defining & maintaining consistent Secure Software Development Life-cycle practices for all of Visa's technology projects throughout the planning & delivery cycles, assuring the mitigation of application security vulnerabilities. You will help to define & improve the global application security programs & services; you will lead the team, as well as sharing your knowledge & expertise with other colleagues.
In this position, you are expected to be a passionate & talented application security engineer with a very deep understanding of OWASP, CWE 25, data protection, access management software vulnerabilities, best practices design & threat modellingskills. You must be dedicated & able to work with developers in a dynamic environment to produce secure code in short time frames.
What we expect of you, day to day
- Help define consistent Secure Software Development Life-cycle practices for all Visa technology projects throughout the planning & delivery cycles that assure that application security risks are mitigated
- Lead & mentor the regional team with your expertise & knowledge.
- Lead & mentor colleagues with your expertise & knowledge.
- Ensure end-to-end security of Visa products by hands-on testing, hypothesising threats, helping development teams with remediating risks upfront & championing secure implementation efforts.
- Improve secure coding practices, application security requirements, automation, training, & metrics
- Integrate threat modelling practices into the Software Development Lifecycle
- Help build secure products & standards around emerging technologies & using existing standards & security practices
- Perform Security Architecture & Low Level Application Security Design review involving: Data Protection, Authentication & Authorisations, Web Application Security & Network Security
- Collaborate with product development & solution teams proactively to manage software security risk aligned with business goals
- Collaborate with product & solution teams to achieveCybersecurity software security program objectives
- Manage cross-functional internal & external team collaboration, evangelisation, & communications
- Develop & optimise processes to improve software development efficiency in the consumption of security development practices
- Maintain active understanding of industry practices for secure software development & incident response
What we're after
- Mid-level experience with Bachelor's degree orexperience with Master's degree in Computer Science, Mathematics, Physics, or equivalent
- Deep understanding of OWASP Top 10 & CWE 25; with proven track record & experience in implementing & integrating remediation strategies
- Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks & protocols with respect to application development & deployment
- Well versed in web application design, penetration testing, application risk assessment & risk categorisation
- Well versed (experience preferred) with driving & implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developer's world
- Success in implementing effective Secure SDLC frameworks across a large corporation.
- Ability to effectively present & communicate security threats & risks to any audience & impress upon them the mitigation techniques & strategies
- Familiar with waterfall & agile development processes & have experience integrating secure development practices into both models.
- Familiar with code management system (e.g.: BitBucket), CI/CD system (e.g.: Jenkins), Docker, Kubernetes, microservice architecture, OAuth 2.0, OpenID Connect.
- Deep knowledge andexperience in usingSAST, DAST, IAST, SCA & fuzz testing tools
- Highly effective communicator; well-honed influencing & negotiating skills
- Solid problem solving & analytical skills; able to quickly digest any issue/problem encountered & recommend an appropriate solution.
- Self-motivated; able to work independently; able to negotiate & bring consensus to diverse priorities of product development & solution teams
Think you have what it takes?
If you are interested in a career that will challenge & inspire you - we'd love to hear from you!
Diversity & Inclusion
Universal acceptance for everyone, everywhere, is not only our brand promise, it's the foundation of our company culture. We foster a feeling of connectedness in the workplace, support diversity of thought, culture & background, fight for important initiatives like Equal Pay & actively work to eliminate unconscious biases that hold us all back.
By leveraging the diverse backgrounds & perspectives of our worldwide teams, Visa is a better place to work & a better business partner to our clients.