Incident Response Cyber Security Analyst
- Ashburn, VA, USA
Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do. CyberSource, a Visa company, has been and continues to be a pioneer within the e-Commerce Payment Management world. Our VisaNet network is capable of handling over 65,000 transaction messages per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.
Information security is an integral part of Visa's corporate culture. It is essential to maintaining our position as an industry leader in electronic payments, which is why Visa has made it a priority to create top-tier security operations and incident response teams to defend the company against evolving cyber threats. If you would like to join a company where security is truly valued, where you can work with like-minded peers who are passionate about the art & science of cyber defense, and where you can use state of the art tools for maximum impact, then we have a home for you.
The successful candidate will be responsible for providing frontline cyber incident response services while contributing to operational improvement initiatives. The candidate will join a team of information security analysts in a global security operations center. These analysts are the primary cyber defenders on the frontline protecting Visa networks and systems. The team is part of a larger cybersecurity organization which is located across multiple geographic sites that is responsible for the comprehensive cyber defense of Visa and its subsidiaries.
- Monitor information security alerts though the use of a Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts
- Utilize sensor data and correlated logs containing IDS/IPS, AV, Windows events, web proxy, and similar data to establish context and to rule-out false positives
- Follow established incident response playbooks and identify and communicate opportunities for improvement
- Support cyber incident response actions to ensure proper assessment, containment, mitigation and documentation
- Mitigate and contain identified threats using approved methodologies when detected. Initiate escalation procedures and incident response processes as defined in operational plans
- Interact and aid other investigative teams within Visa on time sensitive, critical investigations
- Participate as part of a close team of technical specialists on coordinated responses and remediation of security incidents
- Provide feedback to peer teams to enhance the sensor set and improve signature fidelity
- Contribute to projects that enhance the security posture of the enterprise
- Identify trends, potential new technologies, and emerging threats which may impact the business
- Operate and administrate Security Information and Event Management (SIEM) platforms.
- Utilize common security tools, such as a SIEM, AV, scanners, proxies, WAF (policies rules, process and workflow), netflow, IDS or forensics tools
- 3 years of work experience in security, network, or cyber engineering/computer network defense with a Bachelor’s Degree or an Advanced Degree (e.g. Masters, MBA, JD, MD, or PhD)
- Demonstrated experience in an enterprise-level incident response team or security operations center. Direct experience handling advanced cyber security incidents and associated incident response toolset
- Relevant security related certifications a plus: CISSP, GCIA, GSEC, GCIH, GCED, GCFA, GREM
- Strong analytical skills and an ability to quickly learn and adapt to new technologies
- Possess functional knowledge and administrative experience on Windows and Unix/Linux Platforms, as well as TCP/IP, networks (including firewalls, routers, and ACLs)
- Strong working knowledge of malware analysis in its varying forms (including network attack vectors and YARA RegEx),, common delivery mechanisms, and common mitigation steps
- Ability to communicate and collaborate effectively with both technical and non-technical team members in a geographic/culturally diverse, fast-paced workforce.
- Proven subject matter ability in relevant areas, such as incident response, intrusion analysis, incident handling, malware analysis, web security or security engineering and cloud security incident handling/best practices.
- Incumbent must make themselves available during core business hours.
- This position requires the incumbent to travel for work less than 5% of the time.
- This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
All your information will be kept confidential according to EEO guidelines.