Senior Cybersecurity Engineer
- Full-time
- Job Family Group: Technology and Operations
Company Description
As the world’s leader in digital payments technology, Visa’s mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.
At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.
You’re an Individual. We’re the team for you. Together, let’s transform the way the world pays.
Job Description
As a member of the Applied Cryptography team and Data Protection Security Architects, the Staff Info. Security Engineer will lead architecture, design and implementation of data security solutions along with maintenance, documenting enrollment of various visa applications into data security solutions enablement. Perform the Security Architecture Reviews covering all secure architecture and design principles and acting as SME for all data security architecture solutions and principals.
Qualifications
Basic Qualifications
- 5 years of work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD degree.
Preferred Qualifications
- 7-10 years of work experience and a Bachelor’s Degree or
- 6 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or
- 3 years of experience with a PhD.
- Strong knowledge of application/solution architecture, design and development in Java, C, C++, .NET
- Experience with Secure Development Lifecycle methodologies, Agile based methodologies.
- Experience and deeper understanding on the FIPS 140-2 level 2+ certified Hardware Security Modules, 4th Generation Key Management systems such as RSA Data Protection Management, Gemalto KeySecure, Vormetric DSM.
- Hands on experience with Cryptographic APIs and Tools: JCE, MSCAPI, Bouncy Castle, OpenSSL, Java Keytool
- Understanding on the security protocols such as SSL/TLS, SSH, CMP, KMIP
- Understanding and experience with the cryptography fundamentals, Digital Certificates, CRL/OCSP, PKI and PKCS standards (PKCS #5, #7, #8, #10, #11 and #12)
- Understanding the of database protection functionality including the Native Encryption and Transparent Data Encryption in MS SQL, Oracle, MySQL, DB2, MongoDB
- Understanding on the various operating systems and file systems such as RHEL, Windows, NFS, GPFS, HDFS.
- Exposure and understanding on Big Data, Cloudera, Hortonworks platforms
- Experience with Application Technical Architecture, Solution Architecture, Enterprise Architecture and Infrastructure Architecture.
- Verbal and written communication skills, problem solving skills, attention to detail and interpersonal skills along with the ability to present complex security subjects to internal work groups and projects.
- Ability to work independently and manage one's time with minimal direction from supervisor
- The ability to work effectively with other functional areas and understand the operational and cultural issues relevant to achieving superior results
- Must be flexible and able to manage multiple tasks and priorities on very tight deadlines.
- Be a self-motivated and results oriented individual with an attention to driving aggressive project timelines and schedules.
- Ability to work independently and in collaboration with others to achieve a high level of success.
- Sound interpersonal and collaboration skills with the ability to develop, maintain and foster constructive relationships with others.
Provide onsite support of encryption technologies such as general purpose and payment HSMs.
Support and facilitate the Global Key Custodian Program
Additional Information
Essential Functions
- Be a Data Protection/ security champion by driving Security Architecture and Design/ implementation/optimization Data Protection Solutions and Web Services and Web applications across Visa.
- Engage in the initial requirements definition (including analysis of threats and risks and alignment with Visa security, Engineering, IT and Architecture standards.
- Conduct and facilitate security reviews, threat modelling including deep design reviews throughout the development lifecycle.
- You’ll be working on enabling/building data security solutions on various platforms and technologies which protect the applications data from various attacks.
- Help business and product team to achieve various compliance certifications like PCI, FFIEC etc.
- Develop and Continuous Engineering of the Data Protection and Cryptographic Solutions including 3rd party products such as Gemalto KeySecure, Voltage Tokenization, Vormetric DSM and Hardware Security Modules, using Programming languages like Java, C, C++, .Net.
- Be responsible for overall planning, direction and oversight of multiple projects, products, services or functions.
Physical Requirements
- This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.
- Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.