Cybersecurity Engineer

Cybersecurity is at the beating heart of our culture. Our diligence and expertise is what makes us the undisputed leader in electronic payments. We've made it our priority to create a top-tier Cybersecurity team, poised to defend us against any potential cyber threats. We're looking for those of you who are inherently driven and fascinated by the art and science of cybersecurity and more specifically, mergers and acquisitions with a specific focus on Cybersecurity integration. We'll equip you with the very best tools and tech so that you can deliver top notch results. Continuous self-development underpins job fulfilment at Visa.

As a Cyber Security Engineer within the Cybersecurity M&A Team, you are uniquely placed to utilise and grow your engineering and defence skills across a myriad of security technologies. Your role will cover:

1. Configure, deploy, and maintain security solutions and processes i.e. IDS, FIM, WAF, SASE, Firewalls, Web Proxies, vulnerability scanners.
2. Configure, deploy, and maintain cloud security controls in Public Cloud.
3. Develop advanced alerts/reports to meet the requirements of key stakeholders.
4. Automate security tools management and workflow integration.
5. Collaborate with other Cybersecurity and Engineering teams to address specific business needs.
6. Develop SIEM correlation rules, enrichments, dashboards, reports, and alerts that appropriately characterize cyber-attacks and mitigations.
7. IAM experience, Active Directory, SSO, MFA.
8. Excellent understanding of common network and web protocols.
9. Excellent understanding of DDoS techniques and mitigation mechanisms.

Cyber Defense and Incident Response:

1. Monitor Information Security alerts using Security Information and Event Management (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts.
2. Utilize sensor data and correlated logs containing AV, IDS, Windows events, Web Proxy, and similar data to establish context and rule out false positives.
3. Mitigate and contain identified threats using approved incident response methodologies. Initiate escalation procedures and incident response processes as defined in operational plan.
4. Perform analysis of security alerts to evaluate risk, determine containment action and identify required preventative measures.
5. Ensure proper documentation of security incidents including attack details.
6. Interact and aid other investigative teams within Visa on time sensitive, critical investigations.
7. Provide feedback to peer teams to enhance security sensor and improve detection capability.
8. Collaborate with operational support teams to ensure they are actively engaged in addressing potential security threats that can impact business.
9. Contribute to projects that enhance the security posture of the enterprise.
10. Operationalize actionable Threat Intelligence reports from internal and external sources.
11. Identify trends, potential new technologies, and emerging threats which may impact the business.
12. Respond to incoming reports of security incidents from the organization via calls and emails.

This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.

1. 2-3 years of work experience with a Bachelor's Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
2. Cybersecurity related certification. i.e. CISSP, CEH, OSCP, GSEC, GCIH, GCIA, GCED, GCFA, CySA+
3. Direct experience in handling cyber security incidents and associated incident response tools
4. Demonstrated experience in an enterprise-level incident response team or security operations
5. Strong working knowledge of common security tools such as SIEM, AV, WAF, IDS, Netflow, Packet Analyzers, and Endpoint Detection & Response tools
6. Experience in operating and utilising Security Information and Event Management tools
7. Strong knowledge of malware families and network attack vectors
8. Solid understanding of TCP/IP and internetworking technology including packet analysis, routing, and network security defences
9. Strong knowledge of operating systems, network services, and applications
10. Knowledge of web application security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, and API attacks
11. Good understanding of Web Application Security risks
12. Knowledge of OWASP top 10 vulnerabilities and mitigation strategies.
13. Excellent understanding of DDoS techniques and mitigation mechanisms
14. Strong understanding of cloud technologies and related security best practices
15. Experience with Enterprise scale multi-tenant Cloud/SaaS web environments
16. Knowledge of PCI DSS, ISO27001, ISAE3402, and other regulatory frameworks
17. Familiarity with DevSecOps CI/CD concepts, automation tooling, containerisation, and automation.
18. AI and automation skills, including machine learning algorithms and frameworks, and AI models for cybersecurity applications
19. Programming and scripting experience
20. Display great problem-solving skills, with tenacity and resilience to resolve issues.
21. Excellent communication and presentation skills with proven ability to present analytical data effectively to varied audiences
22. Strong interpersonal and leadership skills to influence and build credibility as a peer

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.