Sr. Cybersecurity Analyst
- Full-time
- Job Family Group: Technology and Operations
Company Description
Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.
When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.
Join Visa: A Network Working for Everyone.
Job Description
Purpose of Role:
The Application Security Specialist is a pivotal role in creating a secure software development life cycle at Fraedom.
As a member of the Security team, you will work to remedy and expedite remediation work related to security within our application stacks. In addition, there are several areas where creativity and improvisation will require your existing development expertise. You will be working alongside security professionals in both Application Security and Operations, as well as other development team members and consultants.
This role requires a dedication to technical excellence, not only in writing code, but also in testing, documentation, and reviews. Being a strong and influential communicator is essential, as are a positive attitude and a willingness to work across various disciplines as required.
You will be required to consult for multiple delivery teams and balance multiple tasks according to priority. Whilst consulting with Agile delivery teams, you will be assisting with their security problem solving, and most importantly, coaching the teams on secure coding best practices. You will also be pursuing strategic security Research and Development tasks as directed by the Security Practice Lead.
Development experience with modern web (React, JavaScript, OWASP Top 10), .NET development (ASP.NET, Web API, C# library development) and the security of relational databases (SQL Server) is required. Most important is a demonstrated ability to learn new technology and incorporate security principles into best practice.
Areas of Accountability:
Software development
- Conduct security code reviews
- Remediate security issues
- Mentoring and upskilling developers
- Following coding style standards and secure guidelines
- Using source control (Git)
- Writing unit and integration tests
- High quality code that meets guidelines for style
- Team feedback
- Analyse Penetration testing results
- Peer reviews and the Security Training Register
- Code is effectively covered to agreed level of code coverage
- Adherence to secure software principles that enforce legal compliance
- Events and logs analysis
Technical Knowledge
- Solid understanding of the Microsoft technology stack and how it relates to Fraedom
- Clear understanding of modern web technologies in relation to writing secure software
- Maintain relevant, up-to-date information from across the industry regarding information security and privacy
- Good knowledge of .NET system libraries
- Strong understanding of web application infrastructure in relation to security concerns
- Ability to communicate and mentor modern secure development techniques and practices
Domain Knowledge
- Learning Fraedom domain concepts
- Documentation
- Knowledge sharing
- Demonstrates knowledge and understanding of domain
- Creates technical documentation for new modules and features
- Shares knowledge with colleagues
- Regular contributor to wiki
Security Point of Contact (SPOC)
- Security point of contact for solutions and Internal Business in multiple contexts including:
- Security related platform RFP questions.
- Internal technology audits.
- Working with the Practices to implement BAU security outcomes.
- Working with Ops and InfoSec on Proactive security monitoring.
- Working with external consultants as required for code reviews and audits.
This is a hybrid or remote position.
Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office two days a week, Tuesdays and Wednesdays, with a general guidepost of being in the office 50% of the time based on business needs.
A remote position does not require job duties be performed within proximity of a Visa office location. Remote positions may be required to be present at a Visa office with scheduled notice.
Qualifications
• Previous Application Security experience preferred
• OWASP Top 10, CWE Top 25 and other common web vulnerabilities
• PCI DSS, ISO27001 and other regulatory frameworks
• Experience with SAST and DAST software (Contrast, Checkmarx, BlackDuck, Snyk, etc.)
• Familiarity with software component reviews and CVE research techniques
• Transactional systems, e.g. banking, finance, telecommunications, etc.
• Financial industry experience
• .NET development in C# with recent frameworks
• ASP.NET MVC
• JavaScript, React, Redux, TypeScript
• Experience with Enterprise scale multi-tenant Cloud/SaaS web environments
• Microsoft SQL Server 2014-19
• Use of Git for source control
• Continuous Integration and Deployment frameworks (TeamCity or similar)
Key Attributes:
• Attention to detail
• Self-motivated
• Strong interest in web application security
• Strong and influential communication skills
• Able to build strong relationships with a range of stakeholders