Staff Systems Analyst

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid. Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

Visa Technology & Operations LLC, a Visa Inc. company, needs a Staff Systems Analyst (multiple openings) in Austin, Texas to:

1. Act as a Security Champion of overall Clearing and Settlement department.
2. Develop, enhance, and fix programs for securing and enhancing Visa's critical Clearing and Settlement systems.
3. Cross-collaborate with Cybersecurity, Application Teams, PenTest Teams and technical staff to design and secure applications by appropriate solutions.
4. Develop and implement secure web applications using Checkmarx, Sonarcube, and Blackduck, following industry best practices. Ensure secure coding practices are adhered to throughout the development lifecycle.
5. Implement secure coding practices with a focus on TLS, handshaking, and ciphers in setting applications. Stay updated with the latest CVE findings and apply necessary security measures to mitigate vulnerabilities.
6. Monitor Patch and Vulnerability management solutions, including Qualys and TSR and threat prevention systems.
7. Implement and manage cryptographic techniques including RSA 256, HMAC 256, SHA 256, and AES 256. Perform digital signature verification using asymmetric keys and generate asymmetric keys (2048 and 4096 bits) while managing key expiry.
8. Implement JWT Token for REST API authentication and set up OpenID Connect using integrity and confidentiality keys. Ensure secure integration of OAuth-2 with the Spring framework.
9. Conduct comprehensive security assessments including static code vulnerability analysis, third-party library assessments, and OWASP violation checks. Ensure all PenTest findings are addressed and all PAN and PII data are secured.
10. Perform threat modeling to identify potential security threats and vulnerabilities in the application architecture. Develop and implement mitigation strategies to address identified threats.
11. Develop and maintain incident response plans to address security breaches and incidents. Conduct regular incident response drills to ensure preparedness.
12. Implement and manage security monitoring tools to detect and respond to security incidents in real-time. Analyze security logs and alerts to identify and address potential security issues.
13. Evaluate options and provide recommendation on scope and scale of effort required to develop solutions.
14. Contribute during technical security engagements to ensure VISA’s compliance with internal and regulatory requirements.
15. Ensure compliance with relevant security standards and regulations such as PCI-DSS, GDPR, and HIPAA. Conduct regular security audits and assessments to ensure compliance.
16. Identify opportunities for further enhancements and refinements to standards, processes, and systems.
17. Develop ways to automate compliance and security to improve the efficiency of the Team.
18. Maintain detailed documentation of security protocols, procedures, and assessments. Provide regular reports on security status and recommendations for improvements.
19. Conduct security training and awareness programs for development teams to ensure they are knowledgeable about secure coding practices and the latest security threats.
20. Position reports to the Austin, Texas office and may allow for partial telecommuting.

Qualifications

Basic Qualifications:

• Employer will accept a Bachelor's degree in Cybersecurity, Security Engineering, or related field and 2 years of experience in the job offered or in a security analyst or cybersecurity analyst-related occupation.
• Alternatively, employer will accept a Master’s degree in Cybersecurity, Security Engineering, or related field.
• Position requires experience in the following skills:
  1. Proven experience in web application security and secure coding practices. Hands-on experience with Checkmarx, Sonarcube, and Blackduck.
  2. Web application security, and secure coding and best practices.
  3. Python, Java, JavaScript, MySQL, Linux and Linux standards.
  4. Web Access Management solutions, such as ForgeRock.
  5. Strong knowledge of TLS, handshaking, ciphers, and CVE findings. Expertise in cryptographic techniques including RSA 256, HMAC 256, SHA 256, and AES 256.
  6. Experience with digital signature verification and asymmetric key management.
  7. Familiarity with JWT Token, OpenID Connect, and OAuth-2 integration with Spring.
  8. In-depth understanding of OWASP guidelines, security assessments including static code vulnerability analysis, third-party library assessments and Penetration testing.
  9. Fixing security attacks and Threat modelling.
  10. Vulnerability assessments, threat prevention systems and Penetration testing.
  11. Incident response and root cause analysis.
  12. Hands-on security monitoring tools.
  13. First level compliance monitoring and investigations.

Experience in the above skills can be gained through academic coursework and/or work experience.

Additional Information

Worksite: Austin, TX

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Travel Requirements: This position does not require travel.

Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is $112,100.00 to $179,400.00 USD per year, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.