Director of Mobile Security and Emerging Technologies

  • Full-time
  • Job Family Group: Technology and Operations

Company Description

Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do: Our VisaNet network processes over 13,000 transactions per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.

Job Description

The Director of Mobile Security and Emerging Technologies will work as a member of Visa’s Pentest team program, part of the Security Architecture organization within the Visa Cybersecurity department. The objective of Visa’s Mobile Security and Emerging Technologies program is to proactively identify weaknesses and shortcomings in Visa’s security posture and recommend necessary controls and procedures to protect Visa from adversarial threats. With this mission in mind, Visa’s Mobile Security team experts are involved in engagements that simulate adversarial threats and attacks in a timely manner, and test mobile as well as IoT applications against various types of attacks in order to protect our Visa brand.

The Director of Mobile Security and Emerging Technologies will be a global key contributor and a team manager responsible for the efficient performance of internal and external ethical hacking of Visa mobile applications and IoT platforms across the world.

Mobile Pentest team members will also help with design, development and recommendation of security solutions to protect Visa proprietary/confidential data and systems. The candidate will lead compliance objectives related to mobile components and provide guidance and direction for the logical protection of information systems assets to other functional units. The candidate will be responsible for the team’s reports and vouch for the effectiveness of information security adherence, as well as make recommendations for the adoption of new policies and procedures for Visa services.

Responsibilities 

• Lead Mobile Security Team with the goal to reduce the attack surface on all Mobile, SDKs and IoT Apps developed internally and externally by Visa partners.

• Influence, train and evangelize product development teams to adopt best practices in developing secure mobile apps and SDKs across various mobile platforms.

• Develop mobile security guidelines, requirements and standards for mobile product development, as well as enterprise mobile deployment and proactively mitigate risks associated with information security.

• Analyze security gaps in mobile technologies and frameworks that lack standard validation methodologies and incorporate remediation practices to reduce risk posture of Visa products and assets.

• Develop tools and automation frameworks required to perform advanced and complex mobile security assurance and ethical hacking activities.

• Research mobile platform releases, capabilities and functionalities to understand and establish mobile security standards.

• Define, implement and scale consistent mobile security practices for all Visa technology projects throughout the planning and delivery cycles that assure that investments in IT generate business value, and mitigate the risks associated with information security.

• Integrate architectural risk assessment and threat modeling of large scale enterprise applications and infrastructure into Software Development Lifecycle, to identify and reduce risk associated with information security in a timely manner.

• Ensure end-to-end security of Visa products by means of hands-on testing, threat hypothesis, risk remediation advice and championing secure implementation efforts.

• Improve secure coding practices, application security requirements, automation, training, and metrics.

• Build strong cross-organizational relationships, and effectively influence staff across the IT organization, and broader enterprise.

• Collaborate with product development and solution teams proactively, to manage software security risk aligned with business goals.

• Collaborate with product and solution teams to achieve Visa Cybersecurity software security program objectives.

• Define a simplified security metrics approach that enables executive leaders, line leaders, and operational staff to quickly take action on application security related risks.

• Collaborate with all internal and - application development teams to define an enterprise set of “reasonable” security controls that will protect company brand from real or perceived security breaches.

• Build secure products and standards around emerging technologies and fields lacking existing standards and security practices.

• Subject matter expertise in web, mobile or network penetration testing with track record of end-to-end testing of complex systems.

• Create, maintain and present/support training materials to ensure proper training of Visa’s workforce across the world.

• Provide accurate and timely reporting of findings and proposed remediation and mitigations.

• Technical support could include, but is not limited to, the following: (1) Audit support & remediation, (2) Process Improvement, (3) Analysis & Reporting, (4) Cross Divisional Functional education, training and awareness, (5) Function/Methodology/Strategy advancement.

• Provide technical support to senior management in identifying and streamlining new/existing protocols and tools used by the penetration testing team. 

• Develop and automate scripts, tools and resources needed to advance ethical hacking capabilities around new and emerging technologies like mobile, cloud and embedded systems.

• Actively involved in security research around new and emerging technologies.

Qualifications

• Minimum of a Bachelor's Degree (or equivalent) in Computer Science, Information Security or a related field. Master’s preferred.

• At least 8-10 years of experience with extensive responsibility in Information Technology, Information Security and Compliance that includes a combination of both advanced technical and team management responsibilities.

• Prior experience or expertise performing application, infrastructure and mobile pentests

• Proven experience in team management, including of sensitive applications within corporations.

• MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies

• MUST have an extensive understanding of mobile application and IoT platform security concepts; deep understanding of those platforms, and advanced concepts related to SDKs and mobile wallets are mandatory as well.

• Understanding of web applications, development frameworks and web protocols would be a plus.

• Excellent penetration testing, application risk assessment and risk categorization skills, including but not limited to, reverse-engineering, network interception and manipulation, offensive and defensive attacks, as well as database and cross-site scripting injection attacks.

• Candidates with experience in the following tools/technologies should apply, but they are not required: Burp Suite, IDA Pro, APKTool, Hopper, HP Fortify, Checkmarx (SAST/DAST), Cycript, Xposed, Charles, dex2jar, Kali Linux, and Wireshark.

• Extensive understanding of IoT concepts, hardware components, and current/future market analysis within the field.

• Extensive understanding of cryptographic concepts and applied cryptography

• Proficiency in one or more scripting languages, e.g. Perl, Python, shell scripting, etc.

• Excellent interpersonal, facilitation, and demonstrated emerging leadership skills

• Able to operate at an advanced level of written and spoken communication; write and speak effectively with impact

• Conducts complex analytical functions by performing security assessments and ethical hacks of high risk sensitive applications

Additional Information

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.
All your information will be kept confidential according to EEO guidelines.
