Staff DevSecOps Engineer

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

As part of the Payment Product Development organization, you will be responsible to provide DevOps support and perform security related activities to safeguard Visa's Clearing & Settlement and Treasury applications, which clear, settle, and deliver transactions to issuer and acquirer financial institutions globally and settle funds. Through this challenging job, you will gain experience collaborating with various parts of the business in understanding security requirements, identifying areas of improvement and implementing changes to the process or system where it is needed. 

Essential Functions

• Perform and guide teams in designing, building, testing, and deploying changes to existing software.

• Remediate vulnerabilities by applying Patch and Vulnerability management solution (Qualys, TSR).

• Identify manual processes that can be automated and proactively automate those.

• Develop and maintain configuration and release scripts.

• Provide release planning services and installation script development for new applications where necessary.

• Develop automated build jobs using continuous integration platforms.

• Develop/improve automated deployment jobs using common scripting languages.

• Develop/improve and deploy source code branching methodologies and associated automation.

• Develop/improve release process improvements and update release standards documentation.

• Peer review change tickets to ensure accuracy of application change activities and mitigate risk.

• Work on improving and automating our processes to streamline operational work and monitor the systems in place and anticipate and mitigate potential issues.

• Motivate changes in accordance with our change management practices, participate on implementation teams to integrate new designs into production with minimal impact to operations, develop written procedures and standards, and directly interface and coordinate with other internal business groups and external partners.

• Develop, enhance, and fix programs for securing and enhancing Visa's critical Clearing and Settlement systems – Both Java and Windows based applications.

• Automate security tools and processes ensuring innovation and advancement strategies that keep pace in the areas of access control, security-in-depth, secure transaction processing, secure coding practices for web and mobile applications.

• Collaborate with Cybersecurity, Application Teams, PenTest Teams and technical staff to design and secure applications by appropriate solutions.

• Identify and analyze system and application-level vulnerabilities to provide recommended counter measures or mitigating controls that reduce risk to an acceptable and manageable level.

• Monitor vulnerability and threat prevention systems.

• Evaluate options and provide recommendation on scope and scale of effort required to develop solutions.

• Participate and maintain the implementation of an effective Information Security Program.

• Contribute during technical security engagements to ensure VISA’s compliance with internal and regulatory requirements.

• Build and maintain effective relationships across disciplines to provide superior product support.

• Suggest and cultivate ideas on the extension of the current systems to new products and services.

• Identify opportunities for further enhancements and refinements to standards, processes, and systems.

• Work with other Scrum Masters to increase the effectiveness of the application of Scrum in the organization.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Qualifications

Basic Qualifications

• 8+ years of relevant work experience with a Bachelor’s Degree or at least 5 years of experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or 2 years of work experience with a PhD, OR 11+ years of relevant work experience.

Preferred Qualifications

• 9 or more years of relevant work experience with a Bachelor Degree or 7 or more relevant years of experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or 3 or more years of experience with a PhD
• 3+ years in information security management, security event monitoring and remediation of system/application vulnerabilities.
• Experience with web application security, secure coding and best practices are required.
• Experience with Patch and Vulnerability management solution (Qualys, TSR) are essential.
• Experience working with CI/CD and Groovy.
• Experience working on shell scripts, middleware components, log rotations and automation scripts.
• Experience working on MYSQL/Java/Node/pm2/Angular services.
• Experience working on code releases.
• Experience with building and setting up new development tools and infrastructure.
• Experience with automation and improvement of release process.
• Encouraging and building automated processes wherever possible.
• Experience in Java/J2EE, JavaScript, Angular, NodeJS, Spring, MySQL, Linux and Linux standards, rest API authentication is preferred.
• Strive for continuous improvement and build continuous integration, continuous development, and constant deployment pipeline.
• Experience working on Linux based infrastructure with knowledge of Linux/Unix commands.
• Excellent understanding of Ruby, Python, Perl, and Groovy
• Configuration and managing databases such as MySQL, Mongo, Cassandra
• Excellent troubleshooting.
• Working knowledge of various tools, open-source technologies, and cloud services
• Awareness of critical concepts in DevOps and Agile principles.
• Experience on Kubernetes, Kafka, Docker.
• Work on a platform for monitoring, logging, and orchestration of docker applications running on Kubernetes.
• Development and implement platform components to support containers.
• Present technical solutions, capabilities, considerations and features in business terms.
• Ability to multitask and handle multiple competing priorities with minimal direction from management. Should possess excellent planning and organizational skills.
• Ability to understand systems from all levels, from the 'big picture' enterprise-level view to the low-level technical view.
• Ability to represent technical and business issues and solutions to multiple levels internally and externally to support strategic organizational plans.

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.