Sr. Cyber Security Engineer- Application

  • Full-time
  • Job Family Group: Technology and Operations

Company Description

As the world’s leader in digital payments technology, Visa’s mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.

At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.

You’re an Individual. We’re the team for you. Together, let’s transform the way the world pays.

Job Description

Visa's Cyber Security team is looking for a Cybersecurity AppSecOps engineer with expertise in Product Security domain, who will be responsible to support consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning and delivery cycles that assure that application security vulnerabilities are mitigate.  . Very strong application security and web application development experience and team leadership skills are a must to support in-house product development. . In this position, you are a passionate and talented application security engineer with very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities and best practices design and threat modeling skills who can work in a dynamic environment. You must be dedicated to able to work with developers in producing secure code in short time frames and be willing to go beyond the standard routine. your primary responsibilities include:

 

·        Work as part of a team of software and security engineers to design/maintain and build best-in-class product security tools and services

·        Technical point of contact for product teams as it relates to automation, CI/CD, and Product Application Security Operations

·        Build tools and automation scripts that enable developers to easily consume security services delivered by Security Engineering and Automation team

·        Responsible for security product QA and Testing

·        Build strong relationships with product development teams

·        Improve the accessibility of security through automation, continuous integration pipelines, and other means

·        Understand existing processes and identifying how to improve and streamline them in order to improve team efficiency and effectiveness

·        Visa's Cyber Security team is looking for a Cybersecurity engineer with expertise in Application Security domain, who will be responsible to define consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning and delivery cycles that assure that application security vulnerabilities are mitigate. Very strong application security and web application development experience and team leadership skills are a must. In this position, you are a passionate and talented application security engineer with very deep understanding of OWASP, CWE 25, Data Protection, Access management software vulnerabilities and best practices design and threat modeling skills who can work in a dynamic environment. You must be dedicated to able to work with developers in producing secure code in short time frames and be willing to go beyond the standard routine. your primary responsibilities includes:

 

·        Work as part of a team of software and security engineers to design/maintain and build best-in-class product security tools and services

·        Technical point of contact for product teams as it relates to automation, CI/CD, and Product Application Security Operations

·        Build tools and automation scripts that enable developers to easily consume security services delivered by Security Engineering and Automation team

·        Responsible for security product QA and Testing

·        Build strong relationships with product development teams

·        Improve the accessibility of security through automation, continuous integration pipelines, and other means

·        Understand existing processes and identifying how to improve and streamline them in order to improve team efficiency and effectiveness

Qualifications

5 years of work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD degree

PREFERRED QUALIFICATIONS:

·        8 years of experience with Bachelor's degree or 2-3 years of experience with Master's degree in Computer Science, Mathematics, Physics, or equivalent

·        Bachelor degree in Computer Science or related field and 2 -4  years of Software Development Experience

·        2-3 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline, at least 2 years of Software Development experience

·        Hands on experience with Software Development Java / C# / C++, JavaScript and HTML,

·        MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies

·        Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment

·        Well versed in web application design, penetration testing, application risk assessment and risk categorization

·        Well versed (experience preferred) with driving and implementing DevSecOps practices in to develop ability to successfully integrate security into a developers world

·        Success in implementing supporting AppSecOps Systems for enterprise and its acquired entities

·        Experience in managing application security testing tools like SAST, DAST and Open Source Vulnerability Scanning

·        Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies

·        Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.

·        Deep knowledge and experience in using SAST, DAST and fuzz testing tools

·        Highly effective communicator; well-honed influencing and negotiating skills

·        Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.

·        Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams

Additional Information

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.

All your information will be kept confidential according to EEO guidelines.

Privacy Policy