Sr. Application Security Engineer
- Bengaluru, India
Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do: Our VisaNet network processes over 13,000 transactions per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.
As a Senior Software Security Engineer, you will be part of our Cybersecurity team to help design, enhance and build our Application Security Tools and Services in addition to supporting Visa Product Development teams in writing secure code free of Application Security Vulnerabilities in an agile development environment. You will work with colleagues, who will support and challenge you daily. You will work on designing secure web applications, unit testing, code reviews and regular check-ins to continuous integration that will become part of your DNA.
Our engineers do more than just write code:
- Help define consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning and delivery cycles that assure that application security risks are mitigate
- Ensure end-to-end security of Visa products by hands on testing, hypothesizing threats, helping development teams remediating risks upfront and championing secure implementation efforts
- Improve secure coding practices, application security requirements, automation, training, and metrics
- Integrate threat modeling practices into the Software Development Lifecycle
- Help build secure products and standards around emerging technologies and using existing standards and security practices
- Perform Security Architecture and Low Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security and Network Security
- Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals
- Collaborate with product and solution teams to achieve Cybersecurity software security program objectives
- Manage cross-functional internal and external team collaboration, evangelization, and communications
- Develop and optimize processes to improve software development efficiency in the consumption of security development practices
- Maintain active understanding of industry practices for secure software development and incident response
- You have a Bachelor degree in Computer Science or related field and 2 -3 years of Software Development Experience
- 1-2 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline
- MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
- Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
- Well versed in web application design, penetration testing, application risk assessment and risk categorization
- Operational knowledge of secure software development life cycle principles from training and requirements gathering to post-implementation operations support
- Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developers world
- Success in implementing effective Secure SDLC frameworks across a large corporation.
- Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
- Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
- Deep knowledge and experience in using SAST, DAST and fuzz testing tools
- Highly effective communicator; well-honed influencing and negotiating skills
- Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.
All your information will be kept confidential according to EEO guidelines.