As the world's leader in digital payments technology, Visa's mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company's dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.

At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.

You're an Individual. We're the team for you. Together, let's transform the way the world pays.

This candidate will join Cybersecurity and will help drive the successful adoption of Secure Software Development Lifecycle practices across Visa’s product development teams and help build foundational application security capabilities.

• Help define consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning and delivery cycles that assure that investments in IT generate business value and mitigate the risks associated with information security
• Ensure end-to-end security of Visa products by hands on testing, hypothesizing threats, helping development teams remediating risks upfront and championing secure implementation efforts
• Improve secure coding practices, application security requirements, automation, training, and metrics
• Integrate threat modeling practices into the Software Development Lifecycle
• Help build secure products and standards around emerging technologies and fields lacking 
  existing standards and security practices
• Build strong cross-organizational relationships and effectively influencing staff across the IT organization and broader enterprise
• Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals
• Collaborate with product and solution teams to achieve Cybersecurity software security program objectives
• Help to define simplified security metrics approach that enables executive leaders, line leaders, and 
  operational staff to quickly take action on application security related risks
• Manage cross-functional internal and external team collaboration, evangelization, and communications
• Develop and optimize processes to improve software development efficiency in the consumption of security development practices
• Maintain active understanding of industry practices for secure software development and incident response

• Graduate degree in Computer Science, Electrical Engineering or a related technical discipline
• Hands on experience with .NET technologies (C#, ASP.NET, Classic ASP), Java, HTML, JavaScript
• MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
• Well versed in web application design, penetration testing, application risk assessment and risk categorization
• Operational knowledge of secure software development life cycle principles from training and requirements gathering to post-implementation operations support
• Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developers world
• Success in implementing effective Secure SDLC frameworks across a large corporation.
• Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
• Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models. Deep knowledge or experience with the following:
  • Agile SDLC processes and PMO reengineering
  • Enterprise and application architecture
  • SAST, DAST and fuzz testing tools
  • Highly effective communicator; well-honed influencing and negotiating skills 
  • Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution. 
  • Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams 
  • Demonstrated leadership qualities, flexibility, adaptability to changes in roles and responsibility as required
  • 3+ years in technology, information security and/or application development
  • Excellent operational skills; quality and results oriented
  • Strategic thinker; visionary; innovative
  • Strong client service orientation

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.

All your information will be kept confidential according to EEO guidelines.