The role will work as a member of the Global Cybersecurity organisation - Security Architecture team, which is focused on improving technology and architecture decision-making through collaboration with management, staff and customers on technology strategy, enterprise architecture, and investments in strategic security technology.
The individual, with broad cybersecurity, systems and network architecture knowledge and experience, will deliver security assessments while supporting our direction, lifecycle management and leadership for security architecture and technology. The individual will perform a key role in security assessments while supporting various critical initiatives through the identification, analysis, evaluation, lifecycle management and adoption of security architectures and technologies. The Security Architect will work closely with other security functions and will provide guidance to ensure that their technology choices are coordinated with those functions' activities. In addition, the Security Architect will be involved with education and mentorship, supporting the delivery framework, development of technical architecture and associated documentation, as well as advanced topics of research.
Essential Functions:
Be a product security champion by driving Security Architecture and Design, implementation and optimization for Web, API and Mobile backend applications across Visa.
Applying security design principles to develop security solutions architectures
Engage in the initial requirements definition including analysis of threats and risks and alignment with Visa security, Engineering, IT and Architecture standards.
Conduct and facilitate security reviews, threat modelling including deep design reviews throughout the development lifecycle.
Facilitate 'table-top'/red-team/scenario analysis exercises in conjunction with other SMEs. Plan the resolution of any identified vulnerabilities/issues.
You’ll be working on enabling/building security controls which protect the applications from attacks on various platforms and technologies, like:
Linux, Windows, VMware, OpenStack, SDN, Public cloud like AWS, Google
Cybersecurity tools like IDS, SIEM, Tripwire, Tanium, NetWitness, NetFlow, WAF
HSMs, Tokenization systems, data encryption solutions from SafeNet, Vormetric, etc.
Web technologies like HTTP, SOAP, REST services, AJAX
Databases like Oracle, MS SQL, Redis, Cassandra
Programming languages like Java, C, C++, .NET, JavaScript, Golang, Erlang, etc.
Caching services like Hazelcast, Coherence, and messaging systems like Kafka, MQ
Web Access Management solutions like ForgeRock, SiteMinder, Custom/in-house Security Frameworks
Help business and product teams achieve various compliance certifications like PCI, FFIEC, etc.
Identify and analyse system and application level vulnerabilities to provide recommended countermeasures or mitigating controls that reduce risk to an acceptable and manageable level.
Driving security technologies evaluations, proof-of-concepts, and production pilots
Building strong cross-organisational relationships through integration with the teams, in order to effectively influence staff across the IT organisation and product groups
Managing the lifecycle of security technologies
Staying current with security technologies, as well as development techniques and methodologies in order to make recommendations for use based on business value
Maintaining oversight of the design and implementation of IT systems to ensure appropriate and effective security controls are included.
Contribute to the definition of overall IT architecture from a cybersecurity lens.
This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.