Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do: Our VisaNet network processes over 13,000 transactions per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.

Visa is looking for an experienced security architect with broad and deep knowledge of Identity and Access Management to join the IAM Program in our Enterprise Security Architecture team. The IAM Architect will work with business units to guide them in implementing the correct solutions for their needs while adhering to Visa standards and best practices. The IAM Architect will also work with multiple parts of Global Information Security as well as other organizations to define and evaluate policies, standards and solutions for enterprise and business use.

The position is available in:

• Foster City, CA
• Highlands Ranch, CO
• Austin, TX
• Ashburn, VA

Regular telecommuting is not an option. Occasional travel to Foster City will be required.

This position focuses primarily (80%+) on system and infrastructure IAM for internal staff, not web and not customers.

A minimum of 10 years’ experience as an architect working on system and infrastructure IAM is mandatory. Technical exams will be administered.

Candidates must be experienced (at least 10 years) with designing, implementing and optimizing solutions using many of the following technologies and concepts:

• Active Directory (Must be familiar with forest and domain design, trusts, directory structure, GPO, security best practices, etc.)
• Other Directories (LDAP & X500)
• Web Access Management using standard solutions such as CA SSO/SiteMinder, Oracle Access Manager, ForgeRock, etc.
• Single Sign-on and Federation using standard protocols and frameworks such as Kerberos, SPNEGO, SAML 2.0, ADFS, OpenID Connect, etc.
• Privileged Access Management using solutions such as CA PAM/Xceedium Gatekeeper, BeyondTrust PowerBroker, Dell Privilege Manager, Managed sudo, etc.
• Two-factor Authentication (Legacy One-Time Password solutions and Certificates on Smart Cards as well as modern Push Authentication)
• Adaptive Authentication
• Device Authentication & Profiling
• Identity Management (requesting, automated provisioning, de-provisioning, reconciliation, certification, etc.)
• Public and Private Cloud IAM (Familiarity with IDaaS solutions such as Azure AD and Okta as well as securing SaaS)
• Windows Security
• Unix and Linux Security (especially privileged command management and AD integration)
• PKI
• SSH Key Management

The following skills are also required:

• Solid written and verbal communication
• Knowledge of formal architecture documentation processes such as UML, MDA, Zachman, TOGAF
• Effective at presenting information to different audiences at the correct level of detail (i.e., from engineering teams to executive management)
• Capable of working on multiple projects simultaneously
• Capable of solving complex problems
• Capable of defining strategic and tactical solutions, and knowing when each applies
• Deep knowledge of the security aspects of the following operating systems: Windows, MacOS, Linux, UNIX, z/OS, Non-Stop.
• Experience and/or interest in developing security policies and standards

The following are all desirable and would be considered assets:

• Involvement in industry groups related to IAM
• Ability and interest in staying current on latest IAM and security standards, solutions and best practices
• Familiarity with modern deployment constructs such as containers (Docker, Mesos, etc.)

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.

All your information will be kept confidential according to EEO guidelines.