As the world's leader in digital payments technology, Visa's mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company's dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.
At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.
You're an Individual. We're the team for you. Together, let's transform the way the world pays.
Visa's Digital and Developer Platform (DDP) team is building a new generation of products to facilitate commerce in everyone's digital and mobile lives. Our focus is to build intuitive features that expose profound new value for our customers, merchants and developers.
DDP is looking for a Lead Security Automation Engineer focused on building and evolving security capabilities around digital and mobile products. Security is central to Visa and requires deep cross functional collaboration between architects, developers, and engineers. The Lead Security Automation Engineer will be part of the DDP Security Automation Team focused on delivering innovative and secure implementations to the product line. Visa is looking for an innovative security champion who can solve complex security problems and develop a security automation framework.
You will provide technical leadership when it comes to digital and mobile security. You are expected to work closely with other architects, developers and operators to deliver a security solution using hands-on experience in rolling security solutions and services. You need to be a self-starter, a quick learner of new technologies and have experience in product security such as secure application design, static code analysis and web/mobile application vulnerabilities. You will be hands-on and a critical part of the engineering team for a high-performance product security automation framework development, evangelism, and maintenance
Lead DDP's security operations and governance
Participate in all stages of development from design through implementation
Understand current security posture of product ecosystem and specifics for DDP's solutions
Evaluate cutting edge security technologies, drive towards adoption, create proof-of-concept and frameworks
Partner with Visa Security teams and enable enterprise wide security capabilities for DDP's services, solutions and ecosystems
Collaborate with cross-functional leads to influence industry standards adoption
Integrate security capabilities with other security pillars that include identity access management, data protection, network security and application security
Advise leadership on Security issues, systems, processes, products, and services
Work with cross-functional experts to set strategic direction for Application and Infrastructure Security
12-15 years of work experience with a Bachelor's Degree or 8-10 years of experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or 6+ years of work experience with a PhD
BS or MS in Computer Science, Engineering or Information Systems Management with a Security concentration and 10 or 8 years respectively of industry experience
Strong problem solving and analytical skills
Ability to quickly digest any issue/problem encountered and recommend an appropriate solution
Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations
Proven experience in developing and/or architecting complex web/mobile applications with backend services expertise such as API Gateway, Identity and Access Management Services, Data Deep knowledge of protection technologies, Security Information Event Management
Previous experience with cyber security, HIDS/NIDS, Networking, WAFs, Edge/endpoint security, DNS security, Cryptography, layered security, defense in depth practices
Well versed with J2EE ecosystem with hands on knowledge of core java, Spring, Cryptography, Hibernate, Kafka, Maven, etc.
Hands on experience in using Penetration Testing or Dynamic Application Security Testing Tools (Burp suit, Vega, Wapiti, W3af, SQLMap or commercial products Acunetix/Netsparker/Metasploit) is a must
Solid understanding OWASP top 10, SANS top 25 threats, expert in threat modeling, and tools used
Knowledge of cryptographic systems running on mobile devices and mobilized services
Technical experience with security technologies including, but not limited to, intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development, etc.
Experience of smartphone platforms (iOS, Android) and mobilized services
Knowledge in payment services and systems is a plus
Knowledge payment compliance and standards (PCI DSS, FFIEC, NIST Security Standards) is a plus
Industry security certifications (i.e. CISSP, CISSP-ISAAP, CISA, CISM) is a plus
Work Hours This position requires the incumbent to be available during core business hours.
Travel Requirements This position requires the incumbent to travel for work 10% of the time.
Mental/Physical Requirements This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, and reach with hands and arms.
EEO Statement Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.