Senior Cyber Security Engineer ( Web Application Security )

  • Bengaluru, Karnataka, India
  • Full-time

Company Description

Company Description

Common Purpose, Uncommon Opportunity.
Everyone at Visa works with one goal in mind – making sure that Visa is the
best way to pay and be paid, for everyone everywhere. This is our global vision
and the common purpose that unites the entire Visa team. As a global payments
technology company, tech is at the heart of what we do: Our VisaNet network
processes over 13,000 transactions per second for people and businesses around
the world, enabling them to use digital currency instead of cash and checks. We
are also global advocates for financial inclusion, working with partners around
the world to help those who lack access to financial services join the global
economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup,
celebrate teamwork, diversity, and excellence throughout the world. If you have
a passion to make a difference in the lives of people around the world, Visa
offers an uncommon opportunity to build a strong, thriving career. Visa is
fueled by our team of talented employees who continuously raise the bar on
delivering the convenience and security of digital currency to people all over
the world. Join our team and find out how Visa is everywhere you want to be.

Job Description

Description

Candidate will develop, support, tune and deploy security solutions across Visa.  Primary day-today job duties involve –

  • Web and Database Application Security: Engineering, deployment, and operations of security solutions, including Database Activity Monitoring and Web Application Firewall, as well as integration of those platforms with other solutions as required.
  • Application Logging: Enrolling log sources, administration, Content development and working with our logging solutions customers/stakeholders across the globe. Working with commercial and Opensource solutions such as Splunk, ArcSight, IBM QRadar, Sumologic, Imperva, ELK Stack
  • Security Software Development: Scripting and Development in Python,  Shell scripting and development in other languages

Responsibilities

Web and Database Application Security:

  • Engineers, configures, deploys, and maintains Web Application Firewall solutions
  • Develops advanced scripts for manipulation of multiple data repositories to support analyst requirements
  • Develops advanced alerts/reports to meet the requirements of key stakeholders
  • Develops scalable security management tools and processes
  • Develops automation for security tools management and workflow integration
  • Collaborates with key stakeholders within Information Security and Engineering teams to develop specific use cases to address specific business needs
  • Creates WAF rules to mitigate threats and implements best practices

Application Logging:

  • Lead logging enrollments from multi-tier applications into the enterprise logging platforms
  • Develop specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow
  • Develops advanced scripts for manipulation of multiple data repositories to support analyst requirements
  • Develop advanced reports to meet the requirements of key stakeholders
  • Develop scalable security management tools and processes
  • Engineers, configures and deploys Enterprise SIEM/SEM solutions on Prem and in the Cloud
  • Develop automation for security tools management
  • Collaborate with key stakeholders within   Cyber Security to develop specific use cases to address specific business needs
  • Collaborate with application owners to define and establish logging standards to address various governance requirements.

Qualifications

Over 6 years of experience in Cybersecurity space.

 Development Experience:

  • Expert Python Scripting, Perl, Shell scripting. Development experience in C++, Java, Java Script.
  • Excellent experience with Regular Expressions

 Application Security:

  • Knowledge of SSDLC processes
  • Required knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
  • Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks. 
  • Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
  • Experience with Web Application Firewall management and rules
  • Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)
  • Excellent understanding of common network and web protocols
  • Excellent understanding of DDoS techniques and mitigation mechanisms

Cloud Security:

Application Logging:

  • Expertise in Log aggregation, Correlation and alerting using commercial and Opensource tools such as Apache Metron , OSSEC , ELK Stack
  •  Experience in administration of commercial and Opensource SIEM solutions such as LogRhythm  Splunk, IBM QRadar or McAfee

Cyber Defense and Incident Response:

  • Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies
  • Prior experience in Security Operations and Incident Response
  • Excellent understanding of Cyber Security Operations, Incident Response processes

Infrastructure management and support:

  • System administration experience in a Windows and Unix environment
  • Experience working in a large enterprise environment
  • Experience integrating solutions in a multi-vendor environment
  • Familiarity with Atlassian JIRA

Database Security:

  • Experience in database security and administration (Oracle, MySQL/SQL, DB2)
  • Experience working with Big Data platforms/non-relational databases
  • Experience working with Hadoop
  •  Experience developing Data Analytics/Anomaly detection algorithms.

Educational, Certifications and Other:

  • Excellent communication skills
  • Excellent team player
  • CISSP, SANS GPEN, SANS GXPN, SANS GIAC, SANS GREM, AWS Security ,OSCP (Offensive Security Certified Professional ) is a Plus
  • Bachelor’s degree in engineering, computer science, information security, or information systems

 

Additional Information

Think you have what it takes?

If you are interested in a career that will challenge and inspire you – we’d love to hear from you!

Diversity & Inclusion

Universal acceptance for everyone, everywhere, is not only our brand promise, it’s the foundation of our company culture. We foster a feeling of connectedness in the workplace, support diversity of thought, culture and background, fight for important initiatives like Equal Pay and actively work to eliminate unconscious biases that hold us all back.

By leveraging the diverse backgrounds and perspectives of our worldwide teams, Visa is a better place to work and a better business partner to our clients.

All your information will be kept confidential according to EEO guidelines.

 

All your information will be kept confidential according to EEO guidelines

Privacy Policy