Senior Mobile Cybersecurity Analyst
- Foster City, CA, USA
Visa Inc. is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories, enabling them to use digital currency instead of cash and checks.
Visa does not issue cards, extend credit or set rates and fees for consumers. Visa's innovations enable its bank customers to offer consumers choices: Pay now with debit, ahead of time with prepaid or later with credit products. From the world's major cities to remote areas without banks, people are increasingly relying on digital currency along with mobile technology to use their money anytime, make purchases online, transfer funds and access basic financial services. All of which makes their lives easier and helps grow economies.
Behind the Visa brand are more than 6,000 talented employees who continuously raise the bar with innovative solutions and products that deliver the convenience and security of digital currency to more people all over the world.
The Mobile Security Program (MSP) team provides comprehensive security reviews and security assurance on all consumer and corporate mobile and IoT applications across Visa, globally.
As a member of Visa’s MSP team, the candidate will join a fun, dynamic and fast-paced team in order to help:
- Identify weaknesses and vulnerabilities in Visa’s existing security posture of various products and recommend necessary controls to securely protect Visa assets, applications and services from intentional malicious use or inadvertent misuse.
- Drive the successful adoption of our Mobile Security best practices across all product development teams within Visa, globally.
- Perform ethical penetration testing on various Visa products, applications and assets to simulate real-life security vulnerabilities and scenarios and deliver comprehensive reports on their security posture.
- Collaborate with various stakeholders and security teams within the Cybersecurity department and the product teams engaged in order to build successful and fruitful partnerships focused on a proactive, multi-layered approach to risks inherent to Mobile Security.
- Develop tools to help support our scalability efforts and path towards automation of some security controls.
- Develop mobile security guidelines, requirements and standards for mobile product development, as well as enterprise mobile deployment and proactively mitigate risks associated with information security.
- Analyze security gaps in mobile technologies and frameworks that lack standard validation methodologies and incorporate remediation practices to reduce risk posture of Visa products and assets.
- Develop tools and frameworks required for performing advanced and complex mobile security assurance and ethical hacking activities.
- Research mobile and IoT platform releases, capabilities and functionalities to understand new technologies and establish mobile security standards.
- Define, implement and scale consistent mobile security practices for all Visa technology projects throughout the planning and delivery cycles that assure that investments in IT generate business value, and mitigate the risks associated with information security.
- Integrate architectural risk assessment and threat modeling of large-scale enterprise applications and infrastructure into Cybersecurity processes, to identify and reduce risk associated with information security in a timely manner.
- Ensure end-to-end security of Visa products by means of hands-on testing, threat hypothesis, risk remediation advice and championing secure implementation efforts.
- Improve secure coding practices, application security requirements, automation, training, and metrics.
- Build strong cross-organizational relationships, and effectively influence staff across the IT organization, and broader enterprise.
- Collaborate with product development and solution teams proactively, to manage software security risk aligned with business goals.
- Collaborate with product and solution teams to achieve Cybersecurity software security program objectives.
- Define and implement a simplified security metrics approach that enables executive leaders, line leaders, and operational staff to quickly take action on application security related risks.
- Collaborate with all internal and third party application development teams to define an enterprise set of “reasonable” security controls that will protect company brand from real or perceived security breaches.
- Build secure products and standards around emerging technologies and fields lacking existing standards and security practices.
- Develop and optimize processes to improve software development efficiency in the consumption of security development practices. Utilizes graduate-level research and analysis skills.
- Master’s degree in Computer Science, Electrical Engineering or a related technical discipline;
- 6 to 9 years of experience in the Information Security, Cybersecurity or any related field.
- MUST have a deep understanding of OWASP Top 10 and CWE 25 with a proven track record and experience in implementing and integrating remediation strategies within a corporate environment.
- MUST understand the inner workings of mobile applications and platform security concepts on Android and iOS; deep understanding of those platforms, and advanced concepts related to SDKs and mobile wallets are necessary requirements.
- Deep understanding of web application security, development frameworks and web protocols.
- Excellent penetration testing, application risk assessment and risk categorization skills, including but not limited to, reverse-engineering, network interception and manipulation, offensive and defensive attacks, as well as database and cross-site scripting injection attacks.
- Candidates with experience in the following tools/technologies should apply: Burp Suite, IDA Pro, APKTool, Hopper, Frida, Checkmarx (SAST/DAST), Cycript, Xposed, Charles, dex2jar, Kali Linux, Wireshark or any mobile security and/or penetration testing tools or frameworks.
- Candidates should be familiar with the agile development process and have experience integrating secure development practices into the model efficiently.
- MUST be a highly effective communicator and irreproachable writer in English.
- Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Self-motivated and able to work independently.
- Experience with working with remote colleagues is a plus.
- Demonstrated leadership qualities, flexibility, adaptability to changes in roles and responsibility as required.
- Excellent operational skills; quality and results oriented.
- Strategic thinker; visionary; innovative
- Strong client service orientation.
- Able to negotiate and bring consensus to diverse priorities of product development and solution teams.
- Success in implementing effective Secure SDLC frameworks across a large corporation or ability to demonstrate experience in doing so.
- Bi/multi-lingual would be a plus.
All your information will be kept confidential according to EEO guidelines.