About Visa:

Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do. CyberSource, a Visa company, has been and continues to be a pioneer within the e-Commerce Payment Management world. Our VisaNet network is capable of handling over 65,000 transaction messages per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks.

We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.

“Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.”

Candidate will develop, support, tune and deploy Web Application Firewall security solutions across Visa.  Primary day-today job duties involve –

• Web Application Security: Engineering, deployment, and operations of Web Application Firewall security solutions and integration of those platforms with other security solutions as required.
• Performing hands-on Web Application Firewall deployment, configuration, policy fine-tuning and maintenance

This is a hands-on technical job. Looking for an experienced candidate with extensive experience with Akamai, Cloudflare and/or Imperva Web Application Firewall policy fine-tuning and administration.

Responsibilities

Web Application Security:

• Engineers, configures, deploys, and maintains Web Application Firewall solutions
• Develops advanced alerts/reports to meet the requirements of key stakeholders
• Develops automation for security tools management and workflow integration
• Collaborates with key stakeholders within Information Security and Engineering teams to develop specific use cases to address specific business needs
• Creates WAF rules/signatures to mitigate threats and implements best practices
• Creation and implementation of custom alerting dashboards in SIEM for investigations
• Works extensively with   different stakeholders across Visa for tuning WAF policies or creating custom signatures
• Aids in gathering metrics for measuring Performance and Risk
• Provides ongoing support to existing monitoring capabilities and data collection systems.
• Provides development support for the expansion and implementation of new systems.

Over 6 years of experience in Cybersecurity engineering with experience that includes configuring and managing Web Application Firewalls.

 Web Application Firewall/Security Experience:

• Experience with Akamai and/or Imperva is a must
• Expert Python Scripting, Perl, Shell scripting. Development experience in C++, Java, Java Script.
• Excellent experience with Regular Expressions
• Solid understanding of web applications, web servers, application firewalls, frameworks and protocols with respect to web application development, deployment, and operation
• Extensive knowledge of Imperva, Akamai and/or Cloudflare Web Application Firewall configuration and management
• Extensive knowledge of web technologies and concepts
• Strong understanding of TCP/IP, web protocols and networking concepts
• Expertise in one or more areas such as operating systems, web services, programming languages, network devices, application vulnerabilities and attack vectors
• Experience in reviewing and analyzing log files and data correlation
• Excellent Logical and Practical understanding of SSDLC
• Experience with managing Web/Application Servers  
• Scripting/programming using Python
• Excellent understanding and hands on experience with Java and/or .NET technologies
• Excellent understanding of PKI Technology
• Excellent knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
• Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks. 
• Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
• Experience with Web Application Firewall management and rules
• Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)
• Excellent understanding of DDoS techniques and mitigation mechanisms

Cyber Defense and Incident Response:

• Solid understanding of Incident Response Process
• Prior experience in Security Operations and Incident Response
• Excellent understanding of Cyber Security Operations, Incident Response processes

Educational, Certifications and Other:

• Excellent communication skills
• Excellent team player
• CISSP, SANS GPEN, GXPN, SANS GIAC AWS Security
• OSCP (Offensive Security Certified Professional) is a Plus
• Bachelor’s degree in engineering, computer science, information security, or information systems