Company Description

Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.

When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.

Join Visa: A Network Working for Everyone.

Job Description

Purpose of Role:

The Application Security Specialist is a pivotal role in creating a secure software development life cycle at Visa.

As a member of the Security team, you will work to remedy and expedite remediation work related to security within our application stacks. In addition, there are several areas where creativity and improvisation will require your existing development expertise. You will be working alongside security professionals in both Application Security and Operations, as well as other development team members and consultants.

This role requires a dedication to technical excellence, not only in writing code, but also in testing, documentation, and reviews. Being a strong and influential communicator is essential as well as a positive attitude and willingness to work across various disciplines as required.

You will be required to consult for multiple delivery teams and balance multiple tasks according to priority. Whilst consulting with Agile delivery teams, you will be assisting with their security problem solving, and most importantly, coaching the teams on secure coding best practices. You will also be pursuing strategic security Research and Development tasks as directed by the Security Practice Lead.

Development experience with modern web (React, Javascript, OWASP Top 10), .Net development (ASP.Net, Web API, C# library development) and the security of relational databases (SQL Server) is required. Most important is a demonstrated ability to learn new technology and incorporate security principles into best practice.

Areas of Accountability:

Software development

• Conduct security code reviews
• Remediate security issues
• Mentoring and upskilling developers
• Following coding style standards and secure guidelines
• Using source control (Git)
• Writing unit and integration tests

• High quality code that meets guidelines for style
• Team feedback
• Analyse Penetration testing results
• Peer reviews and the Security Training Register
• Code is effectively covered to agreed level of code coverage
• Adherence to secure software principles that enforce legal compliance
• Events and logs analysis

Technical Knowledge

• Solid understanding of the Microsoft technology stack and how it relates to Visa
• Clear understanding of modern web technologies in relation to writing secure software
• Maintain relevant, up-to-date information from across the industry regarding information security and privacy

• Good knowledge of .NET system libraries
• Strong understanding of web application infrastructure in relation to security concerns
• Ability to communicate and mentor modern secure development techniques and practices

Domain Knowledge

• Learning domain concepts
• Documentation
• Knowledge sharing

• Demonstrates knowledge and understanding of domain
• Creates technical documentation for new modules and features
• Shares knowledge with colleagues
• Regular contributor to wiki

Security Point of Contact (SPOC)

• Security point of contact for solutions and Internal Business in multiple contexts including:
• Security related platform RFP questions.
• Internal technology audits.

• Working with the Practices to implement BAU security outcomes.
• Working with Ops and InfoSec on Proactive security monitoring.
• Working with external consultants as required for code reviews and audits.

This is a hybrid or remote position.

Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office two days a week, Tuesdays and Wednesdays with a general guidepost of being in the office 50% of the time based on business needs.

A remote position does not require job duties be performed within proximity of a Visa office location. Remote positions may be required to be present at a Visa office with scheduled notice.

Qualifications

Preferred Experience:
• Previous Application Security experience preferred
• OWASP Top 10, CWE Top 25 and other common web vulnerabilities
• PCI DSS, ISO27001 and other regulatory frameworks
• Experience with SAST and DAST software (Contrast, Checkmarx, BlackDuck, Snyk, etc.)
• Familiarity with software component reviews and CVE research techniques
• Transactional systems e.g., banking, finance, telecommunications, etc
• Financial industry experience
• .NET development in C# with recent frameworks
• ASP.NET MVC
• JavaScript, React, Redux, Typescript
• Experience with Enterprise scale multi-tenant Cloud/SaaS web environments
• Microsoft SQL Server 2008/14
• Use of Git for source control
• Continuous Integration and Deployment frameworks (TeamCity or similar)
Key Attributes:
• Attention to detail
• Self-motivated
• Strong interest in web application security
• Strong and Influential communication skills
• Able to build strong relationships with a range of stakeholders

Additional Information

Visa has adopted a COVID-19 vaccination policy. As a condition of employment, all employees based in the country where this job is located are required to be fully vaccinated for COVID-19, unless a reasonable accommodation is approved or as otherwise required by law.