Sr. Cybersecurity Engineer - Web Application Security WAF
Bengaluru, India
Visa
Das digitale und mobile Zahlungsnetzwerk von Visa steht an der Spitze der neuen Zahlungstechnologien für die neue Zahlung, elektronische und kontaktlose Zahlung, die die Welt des Geldes bildenCompany Description
Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.
When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.
Join Visa: A Network Working for Everyone.
Job Description
Candidate will develop, support, tune and deploy security solutions across Visa.
Primary day-today job duties involve -
Web Application Security: Engineering, deployment, and operations of security solutions, including Web Application Firewalls, as well as integration of those platforms with other solutions as required.
Security Software Development: Scripting and Development in Python, Shell scripting and development in other languages
Essential Functions
Sr. Cybersecurity Engineer - Web Application Security WAF:
Engineers, configures, deploys, and maintains Web Application Firewall solutions
Develops scripts for manipulation of multiple data repositories to support analysts
Develops alerts/reports to meet the requirements of key stakeholders
Develops automation for security tools management and workflow integration
Collaboration with key stakeholders within Cybersecurity Engineering teams to develop specific use cases to address web and application security requirements
Creates WAF rules to mitigate threats and implement security best practices
Develop and enhance SIEM content for Cybersecurity teams, including correlations, enrichments, dashboards, reports, and alerts that appropriately illustrate and characterize web application attacks and mitigation mechanisms
Application Security
Knowledge of SSDLC processes, procedures, and tools
Knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools
Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks
Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
Strong experience with Web Application Firewall management and rules
Excellent understanding of common network and web protocols
Excellent understanding of DDoS, Bot, and ATO techniques and mitigation mechanisms
Cyber Defense and Incident Response
Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies
Prior experience or support of Security Operations and Incident Response
Excellent understanding of Cyber Security Operations and Incident Response processes
Infrastructure management and support
System administration experience with Windows and Unix servers
Experience working in a large enterprise environment
Experience integrating solutions in a multi-vendor environment
Familiarity with Atlassian JIRA
This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.
Qualifications
Basic Qualifications
•5+ years of relevant work experience with a Bachelor’s Degree or at least 2 years of work experience with an Advanced degree (e.g. Masters, MBA, JD, MD) or 0 years of work experience with a PhD, OR 8+ years of relevant work experience.
Preferred Qualifications
• 6 or more years of work experience with a Bachelors Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD
• Experience with one or more: Akamai, AWS Cloudfront, Cloudflare, or other CDN solutions
• Experience with one or more of the following: Imperva WAF, F5 WAF, and CDN Firewall
• Web Application Firewall Experience (Must have)
• SecDevOps Experience
• Expertise in one or more of the following: Python, Perl, shell scripting, C++, Java, Java Script
• Excellent experience in creating Regular Expressions for security polices and rules
• Experience in maintaining and enhancing infrastructure as code with one or more of the following: CloudFormation, Terraform, Chef, Puppet, Jenkins, CodeDeploy
• Experience with using knowledge management and code repositories with Github, Gitlab, Jira, and Confluence
• Experience with Lambda, API Gateway
Additional Information
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: API Gateway APIs Application security Automation AWS C CDN Cloudflare CloudFront Confluence Cyber defense DDoS Firewalls GitHub GitLab IDS Incident response IPS Java Jira Kali Lambda Open Source OWASP Perl PhD Puppet Python Scripting SIEM SQL SQL injection Terraform UNIX Vulnerabilities Web application testing Windows XML XSS
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs