What's it all about?
Cybersecurity is at the beating heart of our business. Our diligence and expertise is what makes us undisputed leader in electronic payments. We've made it our priority to create a top-tier Security Architecture team, poised to defend us against any potential cyber threats.
We're looking for those of you who are inherently driven and fascinated by the art and science of cyber defence. We'll equip you with the very best tools and tech so that you can deliver top notch results.
Continuous self-development underpins job fulfilment at Visa. As a Security Architect, you'll be exposed to a variety of challenges and opportunities to hone your skills. We'll provide the right environment and a plethora of top notch professionals to learn with and from.
What we expect of you, day to day
- Be a product security champion by driving Security Architecture and Design, implementation and optimization for Web, API and Mobile backend applications across Visa.
- Engage in the initial requirements definition including analysis of threats and risks and alignment with Visa security, Engineering, IT and Architecture standards.
- Conduct and facilitate security reviews, threat modelling including deep design reviews throughout the development lifecycle.
- Facilitate "table-top"/red-team/scenario analysis exercises in conjunction with other SME's; and plan the resolution of any identified vulnerabilities/issues.
- You'll be working on enabling/building security controls which protect the applications from attacks on various platforms and technologies, like:
- Linux, Windows, VMWare, Openstack, SDN, Public cloud like AWS, Google
- Cybersecurity tools like IDS, SIEM, Tripwire, Tanium, Netwitness, Netflow, WAF
- HSMs, Tokenization systems, data encryption solutions from Safenet, Vormetric etc
- Web technologies like HTTP, SOAP, REST services, AJAX
- Databases like Oracle, MS SQL, Redis, Cassandra
- Caching services like Hazelcast, Coherence, and messaging systems like Kafka, MQ
- Web Access Management solutions like Forgerock, Siteminder, Custom/in-house Security Frameworks
- Automate security tools and processes ensuring innovation and advancement strategies that keep pace in the areas of access control, security-in-depth, secure transaction processing, secure coding practices for web and mobile applications.
- Help business and product team to achieve various compliance certifications like PCI, FFIEC etc.
- Identify and analyse system and application level vulnerabilities to provide recommended counter measures or mitigating controls that reduce risk to an acceptable and manageable level.
What we're after…
- 3-8 years of experience in the Cybersecurity field
- Excellent knowledge and experience on defense-in-depth design review, particularly on Web Application Security and Threat Modelling.
- Strong knowledge of data protection concepts and cryptographic fundamentals, encryption algorithms
- Technical experience with security technologies including, but not limited to, intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development, etc.