Sr. Cybersecurity Engineer - WAF
- Ashburn, VA, USA
Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do. CyberSource, a Visa company, has been and continues to be a pioneer within the e-Commerce Payment Management world. Our VisaNet network is capable of handling over 65,000 transaction messages per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.
Develop, support, tune, and deploy security solutions with primary job duties involving:
- Web Application Security: Engineering, deployment, and operations of security solutions, as well as integration with other solutions as required.
- Logging, Monitoring, Alerting, Blocking: Enrolling web properties and application log sources, administration, content development, and working with our customers/stakeholders across the globe. Working with on-premise and cloud-based products such as Imperva WAF, Akamai, CloudFlare, Splunk, ArcSight, ELK Stack, IBM QRadar, and Sumologic.
- Security Software Development: Scripting and development in python, shell, and other development in other languages.
4 years of work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD degree
Over 6 years of experience in Cybersecurity space :
- Well versed in python, Perl, and/or shell scripting. Development experience in C++, Java, Java Script is a plus
- Well versed in using regular expressions for the development of signature based policy rules
- API integration experience especially with the aforementioned commercial and open source products
Web and Application Security:
- Extensive experience and expertise with Web Application Firewall management and policy rules combined with knowledge of process and workflow
- Expertise with Cloud-based log aggregation, correlation, and alerting using commercial and open source tools
- Strong knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali related web application testing tools
- Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
- Excellent understanding of the Top 10 OWASP threats
- Excellent understanding of common network and web protocols
- Excellent understanding of DDoS techniques and mitigation mechanisms
- Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)
- Knowledge of secure software development life cycle
Educational, Certifications and Other:
- Excellent communication skills
- Excellent team player
- CISSP, SANS GPEN, SANS GXPN, SANS GIAC, SANS GREM, AWS Security (at least some of these)
- OSCP (Offensive Security Certified Professional ) is a plus
- Bachelor’s degree in engineering, computer science, information security, or information systems
· Incumbent must make themselves available during core business hours.
- This position requires the incumbent to travel for work 10% of the time.
· This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.