Cyber Security Engineer - Token ID - Level 4
- Rotterdam, Netherlands
Fascinated by the future and captivated by technology?
Smart, driven and want to make a difference in the world?
You’ll fit right in.
Our mission is to connect the world through the most innovative, reliable and secure digital payment network that enables individuals, businesses and economies to thrive.
Individuality fuels our brand and our global team – we’re proud that we are a talented team of 15,000 individuals with unique backgrounds, perspectives and experiences. Therefore, we understand that you are much more than your day job. We encourage quality of life outside of the office, whether it’s taking advantage of agile work schedules or our wellness programs, Visa respects and encourages meaningful work/life balance for everyone. In addition, we offer market leading salary and have a fantastic benefits offering.
So, if you’re not satisfied with the status quo, we can satisfy your desire to explore new territory, giving you the runway to really make an impact, whilst connecting you with teams around the world in a truly inclusive culture that celebrates our uniqueness.
Token ID is a Visa company.
What’s it all about?
Cybersecurity is at the beating heart of our culture. Our diligence and expertise are what make us the undisputed leader in electronic payments. We’ve made it our priority to create top-tier security operations and incident response teams, poised to defend us against any potential cyber threats.
We’re looking for those of you who are inherently driven and fascinated by the art and science of cyber defense. We’ll arm you with the very best tools and tech so that you can deliver top-notch results
Token ID, a Visa solution, has payments related, PCI DSS compliant deployments on AWS and VISA Data Centres (DC). It is also acting as a product vendor for on-premise deployments for its products. This role is expected to analyze IAM and VISA Key Control Gaps and help Token ID teams to pass the security gateways that VISA global Cyber Security teams create and track. It is also expected to triage any kind of security findings coming from static code scan tools, dynamic code scan tools, network scanning, perimeter scanning, third-party library scanning, penetration tests, and bug bounty sessions. After triaging, working closely with respective teams to remediate the accepted security findings and track the progress is crucial.
The role also includes the support and tuning of WAF security solutions with duties involving administration, engineering, and operations as well as integration with other solutions as required. Act as the first point of contact, interacting directly with developers and other stakeholders to document and address incidents and other reported issues. Working with on-premise F5 (BIG-IP) WAF highly available clusters is expected.
This role is going to be part of Token ID’s Software Security Group (SSG) and report to the Director of Engineering.
What we expect of you, day-to-day
- Triage, mitigate, and escalate the security scan findings coming from static code scan tools, dynamic code scan tools, network scanning, perimeter scanning, third-party library scanning, penetration tests, and bug bounty sessions
- Identity and Access Management (IAM) is a key technology pillar at Visa, responsible for providing secure access to misc. payment-related applications and services from a variety of users (employees, businesses, and customers across). To stay ahead of the rapidly changing security landscape especially with globalization of Visa's business and newer form factors of access via new devices, IoT, etc., has a direct impact on IAM Services. You are expected to align with global VISA IAM teams and put in place all the required key controls, analyze the gaps if there are any and take an active role in the corrective actions by escalating timely-manner and working with internal Token ID stakeholders
- Establish strong engineering best practices and governance for Token ID, design solutions in areas such as Staff onboarding / offboarding, enforcement of VISA Key Controls, Privileged Access Management (PAM), Application Access Governance, Automated provisioning, User Access Reviews, Using services such as SSO and MFA
- Perform gap assessments and create roadmaps covering the end-to-end delivery of the IAM solutions
- Liaise with the number of Cyber Security teams, IT, business stakeholders, conduct workshops, and lead the design and implementation of the solutions.
- Take responsibility for working with assigned technology streams and business-led projects assigned to you to ensure they are aligned with Visa’s Security Policies, Technical Security Requirements, and other required internal/external standards
- Leading and contributing to the security posture & assessment of Token ID’s networks, systems, data center infrastructures, cloud architectures, and solutions.
- Developing, contributing, and management of ensuring the delivery of Security Requirements, Security Standards, and alignment to our technology roadmaps. Applying security framework principles to developed/proposed security solutions
- Providing strategic points of view for security solutions
- Driving security technologies evaluation process, proof-of-concepts, and production pilots with business and cyber technology partners
- Staying current with security technologies and making recommendations for use based on business value
- Advising leadership on Cybersecurity issues, systems, processes, products, and services
- Provide oversight of the design and implementation of IT systems & services to ensure appropriate and effective security controls are included
- Contribute to the definition of overall IT architecture from a cybersecurity lens
Thinking about careers differently...
At Visa we are passionate to offer our employees compelling career growth opportunities. As such, even if you don’t have experience of this function there could be skills or experiences which would transfer well.
For this role the key skills required are...
- Bachelor’s degree in engineering, computer science, information security, or information systems, or equivalent professional experience
- Moderate to significant Cybersecurity, engineering, design and or consulting(technical) experience in Networks, Data Centre Systems, and Cloud Infrastructure and Platforms (IaaS security, PaaS security)
- Working experience with the following security technologies: Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies, SSL crypto solutions
- Solid understanding of and ability to speak to security principles in areas such as network, systems, virtualization, cloud technologies, access control
- Comprehensive Cybersecurity consulting and security assessment experience in a relevant industry
- Display great problem-solving skills - this coupled with the tenacity and resilience to resolve issues
- Hands-on experience and a strong understanding of technology and enterprise security
- Experience with compliance, regulatory and legal requirements relevant to the payments processing industry such as PCI, SOX, and GDPR
- Experience with secure code development methodologies is a plus
- Strong understanding of relevant industry principles, best practices, and standards, such as PCI, NIST, ISO, IEEE, and TCG
- Ability to convey security concepts related to cybersecurity events to both technical and non-technical audiences
- Experience with IDS/IPS, Endpoint protection, Network Security, WAF, Sandboxing and analysis toolsets
- Own IAM part of the business and implementation tracks from concept to production operationalization
- Extensive knowledge of Web Application Firewall (WAF) configuration and management. F5 (BIG-IP) WAF experience is a big plus
- Solid understanding of web-based technologies including multi-tier applications and security standards (TLS, REST/SOAP, SAML, OAUTH, OIDC, WS-Trust, JWT, JWE, JWS, HTTP security headers, CORS etc.)
- Strong understanding of TCP/IP, web protocols and networking concepts
- Expertise in one or more areas such as operating systems, web services, programming languages, network devices, application vulnerabilities, and attack vectors
- Excellent Logical and Practical understanding of SSDLC
- Solid understanding of Incident Response Process
- Prior experience in Security Operations and Incident Response
- Expertise on the security of Public Cloud, like AWS is a plus.
- OSCP (Offensive Security Certified Professional) is a plus
- Experience with PAM solution like Centrify
- Experience with Identity as a Service solution like Idaptive
- Experience with LDAP, AD and ADFS
- Experience with Unix and Windows Systems
- Experience with AWS IAM is a big plus
- Preferred - security operations experience but candidates with Forensics or Penetration Testing background will also be considered
Think you have what it takes?
If you are interested in a career that will challenge and inspire you – we’d love to hear from you!
Diversity & Inclusion
Universal acceptance for everyone, everywhere, is not only our brand promise, it’s the foundation of our company culture. We foster a feeling of connectedness in the workplace, support diversity of thought, culture and background, fight for important initiatives like Equal Pay and actively work to eliminate unconscious biases that hold us all back.
By leveraging the diverse backgrounds and perspectives of our worldwide teams, Token ID is a better place to work and a better business partner to our clients.