Sr. Cybersecurity Analyst, Ethical Hacking (Penetration Testing)
Austin, TX, United States
Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.
When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.
Join Visa: A Network Working for Everyone.
The Sr. Cybersecurity Analyst will work as a member of Visa Cybersecurity’s Ethical Hacking (Penetration Testing) program. The objective of Visa’s Penetration Testing program is to proactively identify weaknesses and shortcomings in Visa’s security posture and recommend necessary controls/procedures to protect Visa from adversarial threats. With this mission in mind, Visa’s Ethical Hacking Team experts are proactively involved in engagements that simulate adversarial threats and attacks in a timely manner.
The Sr. Cybersecurity Analyst will be a key contributor for performing internal and external penetration tests of Visa applications and systems. Penetration Test team members also help with design, development, and recommendation of security solutions to protect Visa proprietary/confidential data and systems. The candidate will also assist with compliance objectives, provide guidance/direction for the logical protection of information systems assets to other functional units, prepare reports regarding effectiveness of information security adherence, and make recommendations for the adoption of new policies and procedures for Visa services.
Conduct high risk and sensitive penetration tests of internally and externally hosted applications globally according to scope defined by the penetration test team
Subject matter expertise in web application, API, thick client, or network penetration testing with track record of end-to-end testing of complex systems
Coordinate and execute system/network level penetration tests and ethical hacking exercise
Proactively research/identify vulnerabilities and provide recommended countermeasures or mitigating controls to reduce risk to an acceptable and manageable level
Review results of network and application penetration tests in order to determine severity of findings and to ensure proper remediation is applied
Provide accurate and timely reporting of findings and proposed remediation/mitigations
Technical support could include but not limited to the following: Audit support & remediation, Process Improvement, Analysis & Reporting. Cross Divisional Functional education/training/awareness, and Function/Methodology/Strategy advancement
Provide technical support to senior management in identifying and streamlining new/existing protocols and tools used by the penetration testing team
Mentor junior penetration testers
Develop and automate scripts, tools and resources needed to advance ethical hacking capabilities around new and emerging technologies like mobile, cloud and embedded systems
Active involvement in security research around new and emerging technologies
This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.
• 5+ years of relevant work experience and a Bachelors degree, OR 8+ years of relevant work experience
• 6 or more years of work experience with a Bachelors Degree or 4 or more years of relevant experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or up to 3 years of relevant experience with a PhD
• Understanding of OWASP Top 10 and SANS Top 25 web application and network vulnerabilities
• Understanding of cryptographic concepts and applied cryptography (SSL, AES, etc.)
• Deep understanding and extensive experience in using CVSSv3.0/3.1
• Proficiency in one or more scripting language – Perl, Python, Shell Scripting, etc.
• Proficiency in one or more high level programming languages like Java, C, C++, Ruby, etc.
• Expertise and experience in web application/API/thick client/network penetration testing
• Knowledge of exploit development, vulnerability research/reporting or writing system modules in C/C++/Python an added bonus
• Detailed understanding of OSI and TCP stack with emphasis on computer architecture and networking protocols
• Knowledge of web application technologies and layer 7 protocols like HTTP, DHCP, DNS, FTP etc.
• Solid understanding of networking concepts around Ethernet, switched LAN/WAN environments
• Prior knowledge or academic familiarity with reverse engineering, malware analysis, security research and forensic tools will be an added advantage
• Extensive familiarity with security tools & frameworks like Burp Suite Professional, Nmap, Nessus, Kali, etc.
• Strong problem solving and analytical skills
• Strong verbal and written communication skills
• Strong operational skills: quality and results oriented
• Strong client service orientation
Work Hours: Varies upon the needs of the department.
Travel Requirements: This position requires travel 5-10% of the time.
Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 117,700.00 to 153,000.00 USD, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.
* Salary range is an estimate based on our salary survey 💰
Tags: AES APIs Burp Suite C C++ Cloud Compliance Cryptography DNS Ethical hacking Exploit Java Kali Malware Nessus Nmap OWASP Pentesting Perl PhD Python Reverse engineering Ruby SANS Scripting Strategy Vulnerabilities
Perks/benefits: Equity Health care Insurance Salary bonus Startup environment Wellness
More jobs like this
Guadalajara, Mexico Guadalajara, Mexico Full TimeSenior Senior-levelUSD 132K - 190K * USD 132K+ *
Security Engineer - SOC AnalystAWS Compliance Computer Science DevOps Docker Firewalls Incident response +9
Career development Competitive pay Flex vacation Parental leave Startup environment +1
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Information Security Specialist jobs
- Open Security Architect jobs
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Analyst jobs
- Open Senior SOC Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open IT Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Head of Information Security jobs
- Open IT Security Analyst jobs
- Open Cyber Hunt SME jobs
- Open Security Consultant jobs
- Open Senior Security Operations Engineer jobs
- Open Cyber Security Specialist jobs
- Open Staff Application Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Manager Pentest H/F jobs
- Open Lead Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Senior Penetration Tester jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open Vulnerability management-related jobs
- Open DevSecOps-related jobs
- Open IAM-related jobs
- Open Java-related jobs
- Open SaaS-related jobs
- Open CISM-related jobs
- Open APIs-related jobs
- Open Forensics-related jobs
- Open Analytics-related jobs
- Open CI/CD-related jobs
- Open Malware-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs
- Open OWASP-related jobs