Incident Response Sr. Cyber Security Analyst

  • Ashburn, VA, USA
  • Full-time

Company Description

Common Purpose, Uncommon Opportunity.  Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team.  As a global payments technology company, tech is at the heart of what we do.  CyberSource, a Visa company, has been and continues to be a pioneer within the e-Commerce Payment Management world. Our VisaNet network is capable of handling over 65,000 transaction messages per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.

Job Description

Job Description

Information security is an integral part of Visa's corporate culture. It is essential to maintaining our position as an industry leader in electronic payments, which is why Visa has made it a priority to create top-tier security operations and incident response teams to defend the company against evolving cyber threats. If you would like to join a company where security is truly valued, where you can work with like-minded peers who are passionate about the art & science of cyber defense, and where you can use state of the art tools for maximum impact, then we have a home for you.


The successful candidate will be responsible for providing cyber incident response subject matter expertise while collaborating on numerous security projects and operational improvement initiatives. This position will support the operational activities of Jr. level cyber analysts while helping to develop the team’s investigative skillset.  The successful candidate with champion incident response enrollment requirements to ensure operational effectiveness and alert fidelity. In addition, this position will be responsible for continuously identifying gaps and manage improvements in security response process, technologies, and monitoring. Working closely with architecture, engineering and project management teams, the successful candidate will ensure cyber-defense requirements are identified and communicated early in the Cyber Threat life-cycle.


  • Support cyber incident response actions to ensure proper assessment, containment, mitigation and documentation
  • Support cyber investigations and contribution to large and small-scale computer security breaches
  • Review and analyze cyber threats and supply SME support and training to junior level security analysts
  • Interact and aid other investigative teams within Visa on time sensitive, critical investigations
  • Participate as part of a close team of technical specialists on coordinated responses and remediation of security incidents
  • Manage the security monitoring enrollment process to ensure adequate coverage and effectiveness of all new and existing cloud and on-premise based applications, services and platforms
  • Maintain detailed tracking plan of all internal/external enrollment outcomes/recommendations and supply support through to implementation
  • Act as a liaison between cyber-defense, engineering, security architecture, network & system operations, and functional project teams to ensure effective project implementation that meets incident response requirements
  • Work with colleagues in other technology departments as well as the business and product offices to establish effective, productive business relationships
  • Define baseline security monitoring requirements for all new projects, services and applications joining the Visa network
  • Facilitate the development and tuning of SIEM rules to support enrollments and ensure high fidelity alerting
  • Perform Cloud-based log aggregation, correlation, and alerting using commercial and open source tools
  • Effectively address system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)  and mitigate DDoS techniques via multiple mechanisms
  • Work within various operating systems, network services and applications showing an understanding of logging components and capabilities
  • Assist with Web Application Firewall management policy rules combined with process and workflow




  • 10 years of experience with a Bachelor's Degree, or 8 years of experience with an advanced degree (MBA, Masters) or 3 years with a Ph. D
  • Demonstrated experience in an enterprise-level incident response team or security operations center. Direct experience handling advanced cyber security incidents and associated incident response toolset



  • 3 - 5+ years of related experience in security, network, or cyber engineering or computer network defense  
  • Relevant security related certifications a plus: CISSP, GCIA, GSEC, GCIH, GCED, GCFA, GREM
  • Proven subject matter ability in relevant areas, such as incident response, intrusion analysis, incident handling, malware analysis (including network attack vectors and YARA RegEx), web security or security engineering
  • Strong working knowledge of common security tools, such as a SIEM, AV, scanners, proxies, WAF (policies rules, process and workflow), netflow, IDS or forensics tools
  • Strong interpersonal and leadership skills when building credibility as a peer as well as in presenting analytical data effectively to varied (including executive) audiences
  • Strong understanding of cloud technologies and related security best practices. Experience handling security incidents in the cloud.

Additional Information

Work Hours

  • Incumbent must make themselves available during core business hours.

Travel Requirements

  • This position requires the incumbent to travel for work less than 5% of the time.


Mental/Physical Requirements

  • This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.


Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law. 

All of your information will be kept confidential according to EEO guidelines.


Privacy Policy