About UsVisa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.
At Visa, you'll have the opportunity to create impact at scale - tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world.
Join Visa and do work that matters - to you, to your community, and to the world. Progress starts with you.
Job DescriptionCandidate will develop, support, tune and deploy security solutions across Visa.
Essential Functions:
- Web Application Security: Engineering, deployment, and operations of security solutions, including Web Application Firewalls, as well as integration of those platforms with other solutions as required.
- Security Software Development: Scripting and Development in Python, Shell scripting and development in other languages.
- Engineers, configures, deploys, and maintain Web Application Firewall solutions.
- Develop scripts for manipulation of multiple data repositories to support analysts.
- Develop alerts/reports to meet the requirements of key stakeholders.
- Develops automation for security tools management and workflow integration.
- Collaboration with key stakeholders within Cybersecurity Engineering teams to develop specific use cases to address web and application security requirements.
- Creates WAF rules to mitigate threats and implement security best practices.
- Develop and enhance SIEM content for Cybersecurity teams, including correlations, enrichments, dashboards, reports, and alerts that appropriately illustrate and characterize web application attacks and mitigation mechanisms.
Application Security:
- Knowledge of SSDLC processes, procedures, and tools.
- Knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools.
- Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks such as Broken Object Level Authorization (BOLA).
- Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms.
- Strong experience with Web Application Firewall management and rules.
- Excellent understanding of common network and web protocols.
- Excellent understanding of DDoS, Bot, and ATO techniques and mitigation mechanisms.
Cyber Defense and Incident Response:
- Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
- Prior experience or support of Security Operations and Incident Response.
- Excellent understanding of Cyber Security Operations and Incident Response processes.
Infrastructure management and support:
- System administration experience with Windows and Unix servers.
- Experience working in a large enterprise environment.
- Experience integrating solutions in a multi-vendor environment.
- Familiarity with Atlassian JIRA.
This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.
Visa requires at least 3 days in office, expectations of these days will be confirmed by your Hiring Manager.
QualificationsBasic Qualifications
• 2+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience
Preferred Qualifications
• 3 or more years of work experience with a Bachelor's Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
• Experience with one or more: Akamai, AWS CloudFront, Cloudflare, or other CDN solutions
• Experience with one or more of the following: Imperva WAF, F5 WAF, and CDN Firewall
• Experience with API Security solutions such as Imperva API Anywhere, Cloudflare API Shield, or other similar solutions
• Web Application Firewall Experience (Must have), Experience with one or more of the following: SecDevOps Experience
• Expertise in one or more of the following: Python, Perl, shell scripting, C++, Java, Java Script
• Excellent experience in creating Regular Expressions for security polices and rules
• Experience in maintaining and enhancing infrastructure as code with one or more of the following: CloudFormation, Terraform, Chef, Puppet, Jenkins, CodeDeploy
• Experience with using knowledge management and code repositories with GitHub, Gitlab, Jira, and Confluence
• Experience with Lambda, API Gateway, API Security controls including API Inventory, Runtime detection of threats, and Offensive Security testing or API DAST
• Experience with API Security solutions such as Imperva API Anywhere, Cloudflare API Shield, or other similar solutions
U.S. Applicants OnlyThe estimated salary range for this position is $123,700.00 to $ 191,300.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity.Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401(k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.
Work HoursVaries upon the needs of the department.
Travel RequirementsThis position requires travel 5-10% of the time.
Mental/Physical RequirementsThis position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.
Visa is an EEO EmployerQualified applicants will receive consideration for employment without regard to race, color religion, sex, national origin, sexual orientation, gender identity, disability or protect veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with the EEOC guidelines and applicable local law.
