- Foster City, CA, USA
As the world’s leader in digital payments technology, Visa’s mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.
At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.
You’re an Individual. We’re the team for you. Together, let’s transform the way the world pays.
Visa's Cyber Security team is looking for a Cybersecurity engineer with expertise in the Application Security domain, who will be responsible for defining consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning and delivery cycles, assuring that application security vulnerabilities are mitigated. Very strong application security and web application development experience and team leadership skills are a must. In this position, you are a passionate and talented application security engineer with a very deep understanding of OWASP, CWE 25, Data Protection, Access Management software vulnerabilities, and best-practices design and threat modeling skills, who can work in a dynamic environment. You must be dedicated and able to work with developers in producing secure code in short time frames, and be willing to go beyond the standard routine.
- 2 years of work experience with a Bachelor’s Degree or an Advanced Degree (e.g. Masters, MBA, JD, MD, or PhD)
- 4-5 years of experience with Bachelor's degree or 2-3 years of experience with Master's degree in Computer
- 2-3 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 2 years of Software Development experience
- Excellent knowledge of Web Application Security, Threat Modelling and OWASP.
- Strong knowledge of deep design review and Secure Development Lifecycle methodologies, Agile based methodologies, middleware platforms, development platforms (Java, C, C++, .NET etc.).
- Strong knowledge of data protection concepts and cryptographic fundamentals, encryption algorithms
- Technical experience with security technologies including, but not limited to, intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development, etc.
- Be a product security champion by driving Security Architecture and Design, implementation and optimization for Web, API and Mobile backend applications across Visa.
- Engage in the initial requirements definition including analysis of threats and risks and alignment with Visa security, Engineering, IT and Architecture standards.
- Conduct and facilitate security reviews, threat modelling including deep design reviews throughout the development lifecycle.
- Facilitate "table-top"/red-team/scenario analysis exercises in conjunction with other SMEs, and plan the resolution of any identified vulnerabilities/issues.
- You’ll be working on enabling/building security controls which protect the applications from attacks on various platforms and technologies, like:
  - Linux, Windows, VMware, OpenStack, SDN, public cloud like AWS, Google
  - Web technologies like HTTP, SOAP, REST services, AJAX
  - Databases like Oracle, MS SQL, MySQL, Redis, Cassandra
  - Caching services like Hazelcast, Coherence, and messaging systems like Kafka, MQ
  - Web Access Management solutions like ForgeRock, SiteMinder, custom/in-house security frameworks
  - Cybersecurity tools like IDS, SIEM, Tripwire, Tanium, NetWitness, NetFlow, WAF
  - HSMs, tokenization systems, data encryption solutions from SafeNet, Vormetric, etc.
- Automate security tools and processes ensuring innovation and advancement strategies that keep pace in the areas of access control, security-in-depth, secure transaction processing, secure coding practices for web and mobile applications.
- Help business and product teams to achieve various compliance certifications like PCI, FFIEC, etc.
- Identify and analyse system and application level vulnerabilities to provide recommended countermeasures or mitigating controls that reduce risk to an acceptable and manageable level.
This position requires the incumbent to be available during core business hours.
This position requires the incumbent to travel for work “0-5%” of the time.
This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.