Lead Cybersecurity Engineer

Company Description

Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.

When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.

Join Visa: A Network Working for Everyone.

Job Description

Cybersecurity is at the beating heart of our culture. Our diligence and expertise is what makes us the undisputed leader in electronic payments.  We’ve made it our priority to create a top-tier Identity and Access Management team, poised to defend us against any potential cyber threats. We’re looking for those of you who are inherently driven and fascinated by the art and science of cyber defense. We’ll arm you with the very best tools and tech so that you can deliver top notch results. Development underpins job fulfillment at Visa.
As Lead Cybersecurity Engineer, you’ll be enthused by getting forefront into various payment security sector related projects. You will have the chance to work with people from a range of disciplines as well as colleagues and clients at every level.

The IAM Cybersecurity team is looking for an attentive, thoughtful, communicative, and passionate engineer to join our team. You will help us evaluate, implement, deploy and support IAM technologies that enable SSO, Authentication & Authorization for our enterprise and cloud platforms. This role will focus primarily on access management functions for Acquired Entities (AE) and CSP platforms (AWS, GCP and Azure) platforms.  

Engineers typically work under the guidance of Subject Matter Expert (SME), architects, lead engineers and managers responsible for a given area  this role will focus primarily on access management for CSP platforms (AWS, GCP and Azure.   
 

Essential Functions 

• Meet with business users to determine and consult on requirements and design cloud identity solutions from the ground up
• Effectively communicate business processes, security policy requirements, and technical details to a wide range of technical and non-technical individuals.
• Automate IAM access controls by developing and modifying Infrastructure As Code (IaC) scripts for configuring cloud platforms using CI/CD pipeline
• Design, build, and maintain scalable cloud infrastructure entitlements using RBAC in AWS, Azure and GCP cloud platforms
• Understand and utilize fundamental security policies and best practices to secure CSP environments
• Manage and execute BAU operational tasks for public Cloud platform (AWS, GCP, Azure)
• Manage and execute BAU operational tasks for AE platforms (Active Directory)
• Collaborate with other Cybersecurity and Operations/Infrastructure teams to provide solutions and support for Cloud platform utilizing excellent verbal and written communication skills
• Proficiency with tools used for auditing and reporting to support internal and external audits request for evidence
• Develop scripts and document procedures along with processing tickets assigned to team incident and task queue (ServiceNow) to handle operations and access requests, to make sure availability and performance SLAs are met
• Utilize SIEM tools (e.g. Splunk, Sumo Logic) to analyze security event logs, troubleshoot authentication errors, and perform root cause analysis
• Monitor KPIs and provide fulfillment for incident / access request ticketing queues to meet or exceed SLAs.
• Analyze and troubleshoot incidents by being available for on-call rotation for support.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office two days a week, Tuesdays and Wednesdays with a general guidepost of being in the office 50% of the time based on business needs.

Qualifications

Basic Qualifications:

• 10 or more years of work experience with a Bachelor’s degree or at least 8 years of work experience with an Advanced Degree (e.g. Masters/ MBA/JD/MD) or at least 3 years of work experience with a PhD
• 5+ years of experience of implementing IAM security best practices for cloud-based infrastructure, applications, and services. Must have a hands-on experience in building and designing Cloud solutions from Cloud Service Providers like AWS, GCP and Azure
• 3+ years utilizing software configuration management (BitBucket, Jenkins) and Infrastructure as Code (Terraform)

Preferred Qualifications:

• 12 or more years of work experience with a Bachelor’s degree or 8-10 years of experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or 6+ years of work experience with a PhD
• CISSP and/or Certification in any CSP AWS, GCP or Azure highly desirable.
• Deep Identity and Access Management experience in Active Directory, AWS, GCP or Azure, including provisioning, operations and management of roles and policies with understanding of RBAC, JIT and ZTA.
• Implemented access management best practices for CSPs with administration of IAM services in CSP environments.
• Understand security principles such as separation of duties (SoD) and least privilege (LP)
• DevOps experience with understanding of REST APIs
• Understanding of cloud container service (EKS, AKS, GKE)
• General programming/scripting skills (e.g. Python, Powershell, etc)
• Supported Control Tower / Landing Zone in AWS
• A working knowledge of AD, Windows server operating systems including LDAP, Authentication, Kerberos and DNS

Additional Information

Visa has adopted a COVID-19 vaccination policy. As a condition of employment, all employees based in the country where this job is located are required to be fully vaccinated for COVID-19, unless a reasonable accommodation is approved or as otherwise required by law.