As the world's leader in digital payments technology, Visa's mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company's dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.

At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.

You're an Individual. We're the team for you. Together, let's transform the way the world pays.

Cybersecurity is at the beating heart of our culture. Our diligence and expertise is what makes us the undisputed leader in electronic payments.  We’ve made it our priority to create a top-tier Security Architecture team, poised to defend us against any potential cyber threats. We’re looking for those of you who are inherently driven and fascinated by the art and science of cyber defense. We’ll arm you with the very best tools and tech so that you can deliver top notch results. Development underpins job fulfilment at Visa. As Chief Security Architect, you’ll be enthused by getting stuck into various defense and security sector related projects, as well as the chance to work with people from a range of disciplines, as well as colleagues and clients at every level. So what do we expect of your day to day?

 Essential Functions

• Be a product security champion by driving Security Architecture and Design/implementation/optimization for Web, API and Mobile backend applications across Visa.
• Engage in the initial requirements definition (including analysis of threats and risks and alignment with Visa security, Engineering, IT and Architecture standards.
• Conduct and facilitate security reviews, threat modelling including deep design reviews throughout the development lifecycle.
• Facilitate "table-top"/red-team/scenario analysis exercises in conjunction with other SME's; and plan the resolution of any identified vulnerabilities/issues.
• You’ll be working on enabling/building security on various platforms and technologies which protect the applications from attacks like:
  • Payment processing platforms, Payment Wallet solutions, Consumer facing applications, COTS products deployed in house, public clouds, Issuer/Acquirer facing platforms and applications, white labelled solutions for partners.
  • zTPF, zOS, MVS, Linux, Windows, VMWare, Openstack, SDN, Public cloud like AWS, Google
  • Cybersecurity tools like IDS, SIEM, Tripwire, Tanium, Netwitness, Netflow, WAF
  • HSMs, Tokenization systems, data encryption solutions from Safenet, Vormetric etc
  • Web technologies like HTTP, SOAP, REST services, AJAX
  • Databases like Oracle, MS SQL, Couchbase, Cassandra, Riak, Aerospike
  • Programming languages like Java, C, C++, .Net, Javascript, GoLang, ErLang, Cobol etc
  • Caching services like Kafka, Coherence, MQ
  • Big-data like Hadoop
  • Web Access Management solutions like Forgerock, Siteminder, Custom/in-house Security Frameworks
• Automate security tools and processes ensuring innovation and advancement strategies that keep pace in the areas of access control, security-in-depth, secure transaction processing, secure coding practices for web and mobile applications.

• Expert in Hadoop open source software (OSS) and has good hands-on understanding in both development and security
• Analyze and track development process, proactively monitor OSS security efforts and approach can go a long way in being prepared to handle open source security risks.
• Actively participate and work very closely with Apache CVE community (https://cve.mitre.org) and update incident response team specifically to monitor threats and vulnerabilities.
•  Build automation to Integrate and orchestrate existing security tools so we can quickly resolve damaging malware infections.
• Demonstrable experience on Big data security with experience designing secure applications for Relational, NoSQL, In-Memory database(s), Hadoop, Kafka etc.
• Locating the updated version, patch, or fix to address the security risk is a time-consuming and expensive process.
• Facilitate communication with cross-functional groups.
• Work with product organization to develop secure business requirements, develop the security architecture and integrate into our longer term platform strategy.
• Define solution level security architecture for project and and conformance to Visa's security standards.
• Work directly with project development teams to enable successful project implementation applying the recommended security tools, technologies and techniques. Provide expertise to project team engineers as needed.
• Stay up to date on new security tools & techniques in the information security space.
• Conduct proof of concept activities with key business users in support of advanced use cases.

• Help business and product team to achieve various compliance certifications like PCI, FFIEC etc.
• Be responsible for overall planning, direction and oversight of multiple projects, products, services or functions.
• Identify and analyze system and application level vulnerabilities to provide recommended counter measures or mitigating controls that reduce risk to an acceptable and manageable level.
• Independently formulate direction, design or oversight for the development of major Enterprise-wide programs or plans that have significant impact on the success of the organization
• Conduct in-depth technical reviews of enterprise systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
• Provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by Industry standards.
• Lead organizing and mentoring junior and intermediate level engineers/architects

Basic Qualifications

• 12 years of work experience with a Bachelor’s Degree; 10 years of work experience with an Advanced degree (e.g. Masters/MBA/JD/MD); or a minimum of 5 years of work experience with a PhD
• Minimum of 15 years of experience in architecting, designing and developing large enterprise class applications with increasing responsibilities.
• A minimum of 7+ years of security architecture experience working with large scale transaction processing eco systems.

Preferred Qualifications

• The Ideal candidate will also have one or more of the following certifications: CISSP, CISM, CEH, SANS/GIAC.
• Experience working to secure Payment Authorization ( ISO 8385 messages), Payment Authentication (3-D Secure), and Payment Tokenization eco-systems.
• Proven ability to build Threat Models and analyze security weaknesses in complex deployments with varying technology stack
• Deep experience in architecting mission critical application(s) with at least $100 Million annual revenue.
• Proficient in Java/J2EE technology with experience in building highly available secure application.
• Expertise in securing the integration of multiple environments across on-premise, multi-cloud, and hybrid architectures. Strong understanding of application and network security.
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

Knowledge in cybersecurity team for Mergers and Acquisitions is a strong plus for this role.
 

Work Hours

• Incumbent must make themselves available during core business hours.

Travel Requirements

• This position requires the incumbent to travel for work “0-5%” of the time

Physical Requirements

This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.