Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.
When you join Visa, you join a culture of purpose and belonging - where your growth is a priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world - helping unlock financial access to enable the future of money movement.
Join Visa: A Network Working for Everyone.
Job Description
Essential Functions:
- Help define consistent Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning and delivery cycles that assure that application security risks are mitigated
- Ensure end-to-end security of Visa products through hands-on testing, hypothesizing threats, helping development teams remediate risks upfront and championing secure implementation efforts
- Improve secure coding practices, application security requirements, automation, training, and metrics
- Integrate threat modelling practices into the Software Development Lifecycle
- Help build secure products and standards around emerging technologies, using existing standards and security practices
- Perform Security Architecture and Low Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security and Network Security
- Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals
- Collaborate with product and solution teams to achieve Cybersecurity software security program objectives
- Manage cross-functional internal and external team collaboration, evangelization, and communications
- Develop and optimize processes to improve software development efficiency in the consumption of security development practices
- Maintain active understanding of industry practices for secure software development and incident response
This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.
Qualifications
- Relevant work experience and a Bachelor's degree preferred
- Must have an understanding of OWASP Top 10 and CWE 25, with a proven track record and experience in implementing and integrating remediation strategies
- Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline
- Understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
- Well versed in web application design, penetration testing, application risk assessment and risk categorization
- Operational knowledge of secure software development life cycle principles from training and requirements gathering to post-implementation operations support.
- Ability to effectively present and communicate security threats and risks to ANY audience and impress upon them the mitigation techniques and strategies
- Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
- Knowledge and experience in using SAST, DAST and fuzz testing tools
- Effective communicator with well-honed influencing and negotiating skills
- Solid problem solving and analytical skills, and able to quickly digest any issue/problem encountered and recommend an appropriate solution.
- Self-motivated, able to work independently, and able to negotiate and bring consensus to diverse priorities of product development
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.