Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.
Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.
Job Description
The Mobile & Mac Security (MMS) team is looking for a talented Cybersecurity Analyst to join our team in Singapore and ensure the highest security standards for our Mobile and Mac consumer and corporate products and services.
Who are we?
The Mobile & Mac Security (MMS) team, part of the overall Cybersecurity department at Visa, Inc., operates as a flexible and fast-paced team, much like a mini startup, within our overall organization. We aim to excel at white-hat hacking skills to keep our organization secure... and have fun doing it!
Who are we looking for?
We value diversity within our team and believe that it’s who you are and what you do that will make us a better and stronger team. We always cherish differences of opinion, and aim to learn from every team member, no matter their level or experience, in our day-to-day activities.
We care about you, what drives you, your motivation and your desire to perform within our team more than any certification or diploma you may have. Those values will be essential focus points for us during the interview so don’t hesitate to tell us more about them!
Remember, we hire humans, not robots (at least not yet)!
The classic stuff that you should read:
As a member of Visa’s MMS team, you’ll join a dynamic team in order to:
Help develop, maintain, support and innovate on various internal Cybersecurity tools we leverage on a daily basis.
Perform ethical penetration testing on various Visa mobile and Mac assets to simulate real-life security vulnerabilities and scenarios.
Execute successful adaptation of mobile and Mac security assurance across Visa.
Identify weaknesses and shortcomings in Visa’s existing security posture of various products and recommend and enhance all necessary controls to effectively protect Visa assets and services from intentional or inadvertent modification.
Help build foundational application security capabilities.
Develop automated tools and scripts to optimize various testing processes and flows.
Essential Functions:
Create mobile security guidelines, requirements, and standards for mobile product development, as well as enterprise mobile deployment and proactively mitigate risks associated with information security.
Analyze security gaps in mobile technologies and frameworks that lack standard validation methodologies and incorporate remediation practices to reduce risk posture of Visa products and assets.
Develop tools and frameworks required to perform advanced and complex mobile security assurance and ethical hacking activities.
Research on mobile platform releases, capabilities and functionalities to understand and establish mobile security standards.
Define, implement and scale consistent mobile security practices for all Visa technology projects throughout the planning and delivery cycles that assure that investments in IT generate business value, and mitigate the risks associated with information security.
Integrate architectural risk assessment and threat modeling of large-scale enterprise applications and infrastructure into Software Development Lifecycle, to identify and reduce risk associated with information security in a timely manner.
Ensure end-to-end security of Visa products by means of hands-on testing, threat hypotheses, risk remediation advice and championing secure implementation efforts.
Improve secure coding practices, application security requirements, automation, training, and metrics.
Build strong cross-organizational relationships, and effectively influence staff across the IT organization, and broader enterprise.
Collaborate with product development and solution teams proactively, to manage software security risk aligned with business goals.
Collaborate with product and solution teams to achieve Global Information Security software security program objectives.
Define a simplified security metrics approach that enables executive leaders, line leaders, and operational staff to quickly act on application security related risks.
Collaborate with all internal and third-party application development teams to define an enterprise set of “reasonable” security controls that will protect company brand from real or perceived security breaches.
Build secure products and standards around emerging technologies and fields lacking existing standards and security practices.
In addition, develop and optimize processes to improve software development efficiency in the consumption of security development practices. Utilize graduate-level research and analysis skills.
This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.
Qualifications
Basic Qualifications:
• 2+ years of relevant work experience and a Bachelor’s degree, OR 5+ years of relevant work experience
Preferred Qualifications:
• 3 or more years of work experience with a Bachelor’s Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
• 2-3 years minimum of professional experience in a Cybersecurity-related field.
• Strong experience with one or more of the following programming languages: Node, Python, Java, Swift and Objective-C strongly preferred.
• MUST have deep understanding of OWASP Top 10 and CWE 25. Proven track record and experience in implementing and integrating remediation strategies.
• MUST understand the basics of mobile application and platform security concepts. Deep understanding of those platforms, and advanced concepts related to SDKs and mobile wallets preferred.
• Excellent penetration testing, application risk assessment and risk categorization skills, including but not limited to, reverse-engineering, network interception and manipulation, offensive and defensive attacks, as well as database and cross-site scripting injection attacks.
• Deep understanding of common web application architectures, development frameworks and web protocols.
• Candidates with experience in the following tools/technologies should apply, and are strongly preferred: Burp Suite, IDA Pro, APKTool, Hopper, HP Fortify, Checkmarx (SAST/DAST), Cycript, Xposed, Charles, dex2jar, Kali Linux, Wireshark or any mobile security and/or penetration testing tools or frameworks.
• Candidates should be familiar with the agile development process and have experience integrating secure development practices into the model efficiently.
• MUST be a highly effective communicator and able to write with proper grammar.
• Solid problem solving and analytical skills. Able to quickly digest any issue/problem encountered and recommend an appropriate solution.
• Self-motivated and able to work independently.
• Demonstrated leadership qualities, flexibility, adaptability to changes in roles and responsibility as required.
• Excellent operational skills. Quality and results oriented.
• Strategic thinker, visionary and innovative.
• Bi/multi-lingual a plus.
• Strong client service orientation.
• Able to negotiate and bring consensus to diverse priorities of product development and solution teams.
• Comfortable with a remote management dynamic.
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.