Vacancy expired!
Job Description
Candidate will develop, support, tune and deploy security solutions across Visa. Primary day-today job duties involve –
Web Application Security: Engineering, deployment, and operations of security solutions, including Database Activity Monitoring and Web Application Firewalls, as well as integration of those platforms with other solutions as required.
Security Software Development: Scripting and Development inPython, Shellscripting and development in other languages
Responsibilities
Web Application SecurityWAF Engineer:
Engineers, configures, deploys, and maintains Web Application Firewall solutions
Develops advanced scripts for manipulation of multiple data repositories to support analyst requirements
Develops advanced alerts/reports to meet the requirements of key stakeholders
Develops scalable security management tools and processes
Develops automation for security tools management and workflow integration
Collaborates with key stakeholders within Cybersecurity and Engineering teams to develop specific use cases to address specific business needs
Creates WAF rules to mitigate threats and implements best practices
Develop new SIEM content for Cybersecurityteams, includingcorrelations, enrichments, dashboards, reports, and alerts that appropriately characterize web application attacks and mitigation mechanisms
Qualifications
Basic Qualifications:5 years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD
Experience with one or more of: Akamai, AWS Cloudfront, Cloudflare CDN andother CDN solutions
Experience with one or more of the following: imperva Web Application Firewall, F5 WAF, and CDN Firewall
Preferred Qualifications:Web Application Firewall Experience (Must have):
Experience with one or more of the following:
SecDevOpsExperience:
- Expert Python Scripting, Perl, Shell scripting. Development experience in C, Java, Java Script.
- Excellent experience with Regular Expressions
- SecDevOpsexperience inmaintaining and enhancing infrastructure as code with CloudFormation, Terraform, Puppet, Jenkins orCodeDeploy
- Experience with using knowledge management and code repositories, includingGithub, Gitlab, Jira, and Confluence
- Experience with Lambda,API Gateway
Application Security:
- Knowledge of SSDLC processes
- Required knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
- Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
- Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
- Experience with Web Application Firewall management and rules
- Well versed in system exploits (e.g.Buffer Overflows, PTH attacks, windows authentication framework etc.)
- Excellent understanding of common network and web protocols
- Excellent understanding of DDoS techniques and mitigation mechanisms
Cyber Defense and Incident Response:
- Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies
- Prior experience in Security Operations and Incident Response
- Excellent understanding of Cyber Security Operations, Incident Response processes
Infrastructure management and support:
- System administration experience in a Windows and Unix environment
- Experience working in a large enterprise environment
- Experience integrating solutions in a multi-vendor environment
- Familiarity with Atlassian JIRA
Additional Information
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
Vacancy expired!