Job DescriptionCandidate will develop, support, tune and deploy security solutions across Visa.
Essential Functions:
- Web Application Security: Engineering, deployment, and operations of security solutions, including Web Application Firewalls, as well as integration of those platforms with other solutions as required.
- Security Software Development: Scripting and Development in Python, Shell scripting and development in other languages.
- Engineers, configures, deploys, and maintain Web Application Firewall solutions.
- Develop scripts for manipulation of multiple data repositories to support analysts.
- Develop alerts/reports to meet the requirements of key stakeholders.
- Develops automation for security tools management and workflow integration.
- Collaboration with key stakeholders within Cybersecurity Engineering teams to develop specific use cases to address web and application security requirements.
- Creates WAF rules to mitigate threats and implement security best practices.
- Develop and enhance SIEM content for Cybersecurity teams, including correlations, enrichments, dashboards, reports, and alerts that appropriately illustrate and characterize web application attacks and mitigation mechanisms.
Application Security:
- Knowledge of SSDLC processes, procedures, and tools.
- Knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools.
- Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks such as Broken Object Level Authorization (BOLA).
- Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms.
- Strong experience with Web Application Firewall management and rules.
- Excellent understanding of common network and web protocols.
- Excellent understanding of DDoS, Bot, and ATO techniques and mitigation mechanisms.
Cyber Defense and Incident Response:
- Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
- Prior experience or support of Security Operations and Incident Response.
- Excellent understanding of Cyber Security Operations and Incident Response processes.
Infrastructure management and support:
- System administration experience with Windows and Unix servers.
- Experience working in a large enterprise environment.
- Experience integrating solutions in a multi-vendor environment.
- Familiarity with Atlassian JIRA.
This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.
Visa requires at least 3 days in office, expectations of these days will be confirmed by your Hiring Manager.
QualificationsBasic Qualifications
• 2+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience
Preferred Qualifications
• 3 or more years of work experience with a Bachelor's Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
• Experience with one or more: Akamai, AWS CloudFront, Cloudflare, or other CDN solutions
• Experience with one or more of the following: Imperva WAF, F5 WAF, and CDN Firewall
• Experience with API Security solutions such as Imperva API Anywhere, Cloudflare API Shield, or other similar solutions
• Web Application Firewall Experience (Must have), Experience with one or more of the following: SecDevOps Experience
• Expertise in one or more of the following: Python, Perl, shell scripting, C++, Java, Java Script
• Excellent experience in creating Regular Expressions for security polices and rules
• Experience in maintaining and enhancing infrastructure as code with one or more of the following: CloudFormation, Terraform, Chef, Puppet, Jenkins, CodeDeploy
• Experience with using knowledge management and code repositories with GitHub, Gitlab, Jira, and Confluence
• Experience with Lambda, API Gateway, API Security controls including API Inventory, Runtime detection of threats, and Offensive Security testing or API DAST
• Experience with API Security solutions such as Imperva API Anywhere, Cloudflare API Shield, or other similar solutions
U.S. Applicants OnlyThe estimated salary range for this position is $123,700.00 to $ 191,300.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity.Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401(k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.
Work HoursVaries upon the needs of the department.
Travel RequirementsThis position requires travel 5-10% of the time.
Mental/Physical RequirementsThis position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.
