Cybersecurity Analyst

  • Full-time
  • Job Family Group: Technology and Operations

Company Description

Visa Inc. is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories, enabling them to use digital currency instead of cash and checks.

Visa does not issue cards, extend credit or set rates and fees for consumers. Visa's innovations enable its bank customers to offer consumers choices: Pay now with debit, ahead of time with prepaid or later with credit products. From the world's major cities to remote areas without banks, people are increasingly relying on digital currency along with mobile technology to use their money anytime, make purchases online, transfer funds and access basic financial services. All of which makes their lives easier and helps grow economies.

Behind the Visa brand are more than 6,000 talented employees who continuously raise the bar with innovative solutions and products that deliver the convenience and security of digital currency to more people all over the world.

Job Description

The Mobile Security Program (MSP) team is looking for a Mobile Cybersecurity Analyst to conduct mobile pentests for consumer and corporate mobile products across Visa. As a member of Visa’s MSP team, the candidate will help:

  • Execute successful adaptation of mobile security assurance across Visa. 
  • Identify weaknesses and shortcomings in Visa’s existing security posture of various products and recommend necessary controls to securely protect Visa assets and services from intentional or inadvertent modification. 
  • Drive successful adoption of Secure Software Development Lifecycle practices across product development teams.
  • Perform ethical penetration testing on various Visa products and assets to simulate real-life security vulnerabilities and scenarios. 
  • Help build foundational application security capabilities. 

Responsibilities

  • Develop mobile security guidelines, requirements and standards for mobile product development, as well as enterprise mobile deployment and proactively mitigate risks associated with information security. 
  • Analyze security gaps in mobile technologies and frameworks that lack standard validation methodologies and incorporate remediation practices to reduce risk posture of Visa products and assets. 
  • Develop tools and frameworks required to perform advanced and complex mobile security assurance and ethical hacking activities.
  • Research mobile platform releases, capabilities and functionalities to understand and establish mobile security standards.
  • Define, implement and scale consistent mobile security practices for all Visa technology projects throughout the planning and delivery cycles that assure that investments in IT generate business value, and mitigate the risks associated with information security. 
  • Integrate architectural risk assessment and threat modeling of large scale enterprise applications and infrastructure into Software Development Lifecycle, to identify and reduce risk associated with information security in a timely manner. 
  • Ensure end-to-end security of Visa products by means of hands-on testing, threat hypothesis, risk remediation advice and championing secure implementation efforts.
  • Improve secure coding practices, application security requirements, automation, training, and metrics.
  • Build strong cross-organizational relationships, and effectively influence staff across the IT organization, and broader enterprise. 
  • Collaborate with product development and solution teams proactively, to manage software security risk aligned with business goals. 
  • Collaborate with product and solution teams to achieve Cybersecurity software security program objectives. 
  • Define a simplified security metrics approach that enables executive leaders, line leaders, and operational staff to quickly take action on application security related risks.
  • Collaborate with all internal and third party application development teams to define an enterprise set of “reasonable” security controls that will protect company brand from real or perceived security breaches. 
  • Build secure products and standards around emerging technologies and fields lacking existing standards and security practices. 
  • In addition, develop and optimize processes to improve software development efficiency in the consumption of security development practices. Utilize graduate-level research and analysis skills.

Qualifications

  • Bachelor's degree in Computer Science, Electrical Engineering or a related technical discipline; advanced degree preferred.
  • Hands-on experience with one or more of the following programming languages: Python, C#, Java, JavaScript, Objective-C, C, C++; Objective-C, Java or Swift strongly preferred. 
  • MUST have a deep understanding of OWASP Top 10 and CWE 25, with a proven track record and experience in implementing and integrating remediation strategies.
  • MUST have an understanding of the basics of a mobile application and platform security concepts; deep understanding of those platforms, and advanced concepts related to SDKs and mobile wallets preferred.
  • Understanding of web applications, development frameworks and web protocols would be a plus. 
  • Excellent penetration testing, application risk assessment and risk categorization skills, including but not limited to, reverse-engineering, network interception and manipulation, offensive and defensive attacks, as well as database and cross-site scripting injection attacks. 
  • Candidates with experience in the following tools/technologies should apply, but they are not required: Burp Suite, IDA Pro, APKTool, Hopper, HP Fortify, Checkmarx (SAST/DAST), Cycript, Xposed, Charles, dex2jar, Kali Linux, Wireshark or any mobile security and/or penetration testing tools or frameworks.
  • Well-versed (experience preferred) in driving and implementing secure development practices into the SDLC (SSDLC); ability to successfully integrate security into a developer’s world.
  • Candidates should be familiar with the agile development process and have experience integrating secure development practices into the model efficiently.
  • Strong client service orientation. 
  • Able to negotiate and bring consensus to diverse priorities of product development and solution teams. 
  • Success in implementing effective Secure SDLC frameworks across a large corporation or ability to demonstrate experience in doing so. 
  • 2 to 5 years in technology, information security, and/or application development.
  • MUST be a highly effective communicator and flawless writer. 
  • Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
  • Self-motivated and able to work independently.
  • Demonstrated leadership qualities, flexibility, adaptability to changes in roles and responsibility as required.
  • Excellent operational skills; quality and results oriented.
  • Strategic thinker; visionary; innovative.
  • Bi/multi-lingual a plus. 

Additional Information

All your information will be kept confidential according to EEO guidelines.
