Information Security Analyst - Attack Surface Management

  • Ashburn, VA, USA
  • Full-time

Company Description

About Visa:

Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do. CyberSource, a Visa company, has been and continues to be a pioneer within the e-Commerce Payment Management world. Our VisaNet network is capable of handling over 65,000 transaction messages per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks.

We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.

“Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.”

Job Description


Join a growing, fast-paced and high-performance Attack Surface Management team. Information security is an integral part of Visa’s corporate culture. It is essential to maintaining our position as an industry leader in electronic payments, and it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Information security has a significant effect on privacy, consumer confidence, external reputation, and/or the bottom line, and it is a priority on everyone’s agenda.

The successful candidate will work in the Attack Surface Management team. Organizations often see security as collections of identified vulnerabilities in silos. This isolated perspective misses the proverbial big picture: the "attack surface". This role requires the ability to be forward thinking and to assist with developing unique solutions that are at the forefront of technology; the Attack Surface Management Team at Visa is a leader in the space, not a follower. The primary focus of this role is to assist with the identification and notification of vendor patches. This will be accomplished by tracking internal and external vulnerabilities, and then applying the appropriate risk-ratings to prioritize remediation to ensure Visa is appropriately protected. This role will be expected to work with various teams and their managers, supervisors and/or professional staff and may lead project teams to achieve milestones or objectives, coordinate with IT Ops & Eng. and engage business personnel to ensure remediation solutions are identified, tested and made available to all groups responsible for vulnerability remediation to ensure PCI-DSS attestation. A successful candidate is expected to be a proactive worker and to generate security solutions that enhance the business they support. You must be able to take your experience and knowledge of security to the next level and work with a world class team to deliver on the Attack Surface Management goal of developing the complete perspective for operational and management visibility of Visa’s overall Attack Surface. Are you up for the challenge?


  • Implement, under the direction of the Director of the Attack Surface Recon team, the enterprise-wide strategy for the Attack Surface Management Program, with established key initiatives/projects focused on the reduction of technology risk within Visa.
  • Operate as a Subject Matter Expert for Vendor Patch Management.
  • Assist in the development of solutions and solving complex/unique problems with regard to Visa’s Attack Surface.
  • Assist in the execution of departmental plans, including business, production and/or organizational priorities and contribute to the Attack Surface Management functional strategy.
  • Work with IT and business teams to develop solutions that address root causes.
  • Utilize existing vulnerability management, security configuration management, and web application scanning tools and processes to extend coverage, increase effectiveness and expand capabilities.
  • Work with diverse IT and business teams to assist in developing solutions to remediate identified vulnerabilities and misconfigurations in a risk prioritized, effective and efficient fashion.
  • Provide support to Audit, Legal, Human Resources, Corporate Security and Executives.
  • Possess the ability to effectively identify, evaluate and communicate new and ongoing security threats.


  • Bachelor's degree in Information Assurance and Security (or related field) or equivalent work experience
  • 2-4 years of experience in Information Security with experience in vulnerability management, security configuration management, or other security scanning.
  • Possess strong technical security skills and comprehension of security and risk
  • Ability to work on complex projects and with diverse teams
  • Familiar with Vulnerability Management tools such as Qualys QualysGuard, nCircle IP360, McAfee Foundstone, Tenable Nessus, etc.
  • Familiar with Policy Compliance tools such as Qualys QualysGuard, Symantec CCS, Microsoft SCM, etc.
  • Familiar with Security Single Pane of Glass implementations or frameworks such as RSA Archer, Modulo, Risk I/O, etc.
  • Knowledge of PCI-DSS compliance standards and guidelines
  • Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments. Extensive knowledge and experience with physical and virtual server configurations and implementations.
  • Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring) and perimeter technologies (e.g., routers, firewalls, web proxies and intrusion prevention).
  • Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.).
  • Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) and Open Web Application Security Project (OWASP) processes and remediation recommendations.
  • Strong technical understanding and experience assessing threats to and identifying weaknesses in multiple operating system platforms, database and application servers, and custom and off the shelf applications, etc.
  • Must be both a self-starter and team player with the ability to work independently with limited supervision.
  • Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively.
  • Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
  • Security-related certifications a plus – CRISC, CISSP, CISM, etc.

Additional Information

All your information will be kept confidential according to EEO guidelines.
