Cybersecurity Engineer - Vulnerability management

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

This position supports the information security function by providing oversight, coordination, and delivery of systems supporting compliance and assurance activities as well as operational functions essential to maintaining our cybersecurity posture.  As a member of PPC Cybersecurity & Compliance, you will focus on all finding types that carry a Required Resolution Date (RRD).

In your first year, your focus will be vulnerability management from maintenance of Qualys scans to interpretation and sequencing of findings, management of Application Technical Contacts (ATCs), execution of patching and configuration changes, and compliance management – i.e., ensuring that findings are remediated or accepted prior to the initial RRD.

As you demonstrate mastery of the above, you will be expected to improve the efficiency of the system (i.e., the people, process, and technology) used to manage findings within RRDs.  This will include business and system architecture, process documentation and maintenance, and innovation designed to improve consistency at scale or to remove work from ATCs that can be done within the RRD Administration team.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Qualifications

Basic Qualifications

• 3+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience

Preferred Qualifications

• 3 or more years of work experience with a Bachelor’s Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
• 3-6 years of end-to-end vulnerability management experience including provision of vulnerability scanners, agent provision and maintenance, interpretation of findings, ranking of findings outside of VVMS scores, option assessment, management of superseded patches, false positives, reassignment of findings, remediation actions (i.e., patching), confirmation (i.e., re-scanning to confirm remediation), and management of remediation to a standard. Qualys experience is preferred, but, not required.
• Familiarity with MS Excel, PowerPoint, Word, and SharePoint
• Ability to work independently, translate broad directives to detailed plans, independently problem solve, and to collaborate and communicate to ensure alignment to the objectives and the progress of work to completion.
• Excellent verbal and written communication skills
• Familiarity with common controls frameworks including OWASP, SANS Top 20 Security Controls, and NIST 800-171
• One year of experience in automation, tool development, or scripting with Python or JavaScript
• Familiarity with assurance standards such as ISO 27001, PCI-DSS, SSAE 16, SOC, etc.
• Security+, CySA+, or the equivalent certification from another credible institution

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.