Cybersecurity Engineer - Vulnerability management
Visa: Visa's digital and mobile payment network is at the forefront of new payment technologies for new, electronic, and contactless payments that shape the world of money.
Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.
Make an impact with a purpose-driven industry leader. Join us today and experience #LifeAtVisa
This position supports the information security function by providing oversight, coordination, and delivery of systems supporting compliance and assurance activities as well as operational functions essential to maintaining our cybersecurity posture. As a member of PPDCC you will focus on all finding types that carry a Required Resolution Date (RRD).
In your first year, your focus will be vulnerability management from maintenance of Qualys scans, to interpretation and sequencing of findings, management of Application Technical Contacts (ATC), execution of patching and configuration changes, and compliance management – i.e., ensuring that findings are remediated or accepted prior to the initial RRD.
As you demonstrate mastery of the above, you will be expected to improve the efficiency of the system (i.e., the people, process, and technology) used to manage findings with RRDs. This will include business and system architecture, process documentation and maintenance, and innovation (e.g., education of stakeholders, automation of process, product management, introduction of new technologies, etc.) designed to improve consistency at scale or to remove work from ATCs that can be done within the RRD Administration team.
This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.
- 3+ years of relevant work experience and a Bachelor's degree, OR 5+ years of relevant work experience
- 3 or more years of work experience with a Bachelor’s Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
- 3-6 years of end-to-end vulnerability management experience including provision of vulnerability scanners, agent provision and maintenance, interpretation of findings, ranking of findings outside of VVMS scores, option assessment, management of superseded patches, false positives, reassignment of findings, remediation actions (i.e., patching), confirmation (i.e., re-scanning to confirm remediation), and management of remediation to a standard. Qualys experience is preferred but not required.
- Familiarity with MS Excel, PowerPoint, Word, and SharePoint
- Ability to work independently, translate broad directives to detailed plans, independently problem solve, and to collaborate and communicate to ensure alignment to the objectives and the progress of work to completion.
- Excellent verbal and written communication skills
- Familiarity with common controls frameworks including OWASP, SANS Top 20 Security Controls, and NIST 800-171
- Familiarity with assurance standards such as ISO 27001, PCI-DSS, SSAE 16, SOC, etc.
- Security+, CySA+, or the equivalent certification from another credible institution
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.